Security News > 2022 > October > FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
2022-10-14 20:11
Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization."
Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.
Microsoft leaves the Office, rebrands everything as 365.
Microsoft in April introduced a data governance system called Microsoft Purview.
Office 365 Message Encryption is now considered a legacy system.
"Since Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption," the lab concludes.
News URL
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft rolls out Office LTSC 2024 for Windows and Mac (source)
- Microsoft fixes bug crashing Microsoft 365 apps when typing (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft says more ransomware stopped before reaching encryption (source)