Security News > 2022 > October > FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
2022-10-14 20:11
Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization."
Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.
Microsoft leaves the Office, rebrands everything as 365.
Microsoft in April introduced a data governance system called Microsoft Purview.
Office 365 Message Encryption is now considered a legacy system.
"Since Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption," the lab concludes.
News URL
Related news
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Massive botnet hits Microsoft 365 accounts (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft links recent Microsoft 365 outage to buggy update (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft 365 apps will prompt users to back up files in OneDrive (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)