How easy is it for attackers to decrypt Office 365 emails?

The discovery comes shortly after researchers discovered hackers were chaining two new zero-day Exchange exploits to target Microsoft Exchange servers.

WithSecure originally shared its discovery of the Office 365 vulnerability with Microsoft in January 2022. Microsoft acknowledged it and paid the researcher through its vulnerability reward program, but hasn’t issued a fix.

It’s important to note that Microsoft isn’t the only provider to receive criticism for using ECB. Just a couple of years ago, Zoom received heavy criticism for choosing AES-128 ECB to encrypt calls and exposing private videos to unauthorized individuals.

While this Office 365 vulnerability doesn’t directly decipher message content, if an attacker can cross-reference enough email patterns, protected information is at risk of disclosure through inference.

A “malicious party who gains access to the encrypted emails can extract some information from the supposedly encrypted emails. Depending on the characteristics of the specific content on the email, the revelation could be (nearly) complete or partial,” said Harry Sintonen, principal security consultant at WithSecure.
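The inference risk described above comes from ECB transforming every block independently, so identical plaintext blocks produce identical ciphertext blocks. The following is an added illustration, not code from the article or from WithSecure's research: it counts repeated blocks as a check for ECB-style leakage. The keyed HMAC stand-in for the block cipher, the sample messages and all function names are assumptions constructed for this example.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16
KEY = b"constructed-demo-key"                       # constructed sample key
HEADER = b"CONFIDENTIAL----" * 4                    # constructed repeated boilerplate
MSG_A = HEADER + b"Quarterly figures attached."     # constructed sample message
MSG_B = HEADER + b"Meeting moved to Friday."        # constructed sample message

def _prf(key, block):
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the block
    # cipher. Like AES it is deterministic per key, which is all the demo needs.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _blocks(data):
    data += b"\x00" * (-len(data) % BLOCK)          # zero padding, demo only
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_like(key, plaintext):
    # ECB: each block is transformed on its own, so equal input gives equal output.
    return b"".join(_prf(key, b) for b in _blocks(plaintext))

def chained(key, plaintext):
    # CBC-style chaining with a random IV: each output depends on the previous one.
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in _blocks(plaintext):
        prev = _prf(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Blocks that duplicate an earlier block in the same ciphertext.
    return sum(n - 1 for n in Counter(_blocks(ciphertext)).values())

def shared_blocks(ct_a, ct_b):
    # Distinct blocks two ciphertexts have in common (cross-message correlation).
    return len(set(_blocks(ct_a)) & set(_blocks(ct_b)))

if __name__ == "__main__":
    for name, mode in (("ecb-like", ecb_like), ("chained", chained)):
        a, b = mode(KEY, MSG_A), mode(KEY, MSG_B)
        print(name, "repeats:", repeated_blocks(a), "shared:", shared_blocks(a, b))
```

A non-zero repeat or shared-block count over stored ciphertext is a strong indicator that a deterministic, unchained mode is in use.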