Security News > 2022 > October > Weakness in Microsoft Office 365 Message Encryption could expose email contents
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information.
OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook implementation - a mode of operation known to leak certain structural information about messages.
Attackers able to obtain enough OME emails could use the leaked information to partially or fully infer the contents of the messages by analyzing the location and frequency of repeated patterns in individual messages, and then matching these patterns to ones found in other OME emails and files.
"Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents. More emails make this process easier and more accurate, so it's something attackers can perform after getting their hands on e-mail archives stolen during a data breach, or by breaking into someone's email account, email server or gaining access to backups," explained WithSecure consultant and security researcher Harry Sintonen, who discovered the issue.
Organizations have no way to prevent an attacker that comes into possession of affected emails from compromising its contents using the method outlined in the advisory.
Because there is no fix from Microsoft or a more secure mode of operation available to email admins or users, WithSecure recommends avoiding the use of OME as a means of ensuring the confidentiality of emails.
News URL
https://www.helpnetsecurity.com/2022/10/14/weakness-office-365-encryption/
Related news
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)