Security News > 2022 > October > FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
2022-10-14 20:11
Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization."
Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.
Microsoft leaves the Office, rebrands everything as 365.
Microsoft in April introduced a data governance system called Microsoft Purview.
Office 365 Message Encryption is now considered a legacy system.
"Since Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption," the lab concludes.
News URL
Related news
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Microsoft investigates Microsoft 365 outage affecting users, admins (source)