Security News > 2022 > October > FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization."
Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.
Microsoft leaves the Office, rebrands everything as 365.
Microsoft in April introduced a data governance system called Microsoft Purview.
Office 365 Message Encryption is now considered a legacy system.
"Since Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption," the lab concludes.
News URL
Related news
- Microsoft 365 outage takes down Office web apps, admin center (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- Microsoft 365 users hit by random product deactivation errors (source)