
FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher

Redmond says OME isn't supposed to be used for security, just for something else


Microsoft Office 365 Message Encryption claims to offer a way "to send and receive encrypted email messages between people inside and outside your organization."

And according to WithSecure, it's not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure for data with repeating patterns, such as plaintext or uncompressed images or videos. And Microsoft isn't fixing it.

When using ECB mode, messages are divided into a series of blocks, and plaintext that's the same in different blocks produces identical ciphertext. In the case of an image where pixels of the same color get represented by the same plaintext, the corresponding ciphertext is also the same for like pixels, which makes the image visible through the ciphertext.

The leaky nature of ECB makes it unsuitable for secure communication, and cryptography experts advise against using it for cryptographic protocols. As America's NIST states, "use of ECB to encrypt confidential information constitutes a severe security vulnerability."

Office 365 Message Encryption (OME) relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used. In other words, when AES is paired with ECB mode, the resulting encryption is poor.
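To make the mode-versus-cipher point concrete, here is an added example (not Microsoft's, WithSecure's, or OME's code) that encrypts the same repetitive "bitmap" with AES in ECB and in CBC mode, then counts repeated ciphertext blocks, the same pattern leakage the lab describes and a cheap check a defender can run over ciphertext suspected of being ECB. The key, IV and sample plaintext are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// encryptECB applies the raw AES block function to each 16-byte block on its
// own: identical plaintext blocks come out as identical ciphertext blocks.
// plaintext must be a whole number of blocks.
func encryptECB(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// encryptCBC chains blocks through an IV, so equal plaintext blocks no longer
// produce equal ciphertext blocks (the IV must be fresh per message in real use).
func encryptCBC(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// repeatedBlocks counts how many 16-byte ciphertext blocks duplicate an
// earlier one. A large count in a sizeable ciphertext is a strong ECB indicator.
func repeatedBlocks(ciphertext []byte) int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ciphertext); i += aes.BlockSize {
		seen[string(ciphertext[i:i+aes.BlockSize])]++
	}
	dup := 0
	for _, n := range seen {
		if n > 1 {
			dup += n - 1
		}
	}
	return dup
}

// samplePlaintext is a constructed stand-in for an uncompressed image:
// 64 rows of the same 16-byte pixel run (one block per row).
func samplePlaintext() []byte {
	return bytes.Repeat([]byte("\xff\xff\xff\x00\xff\xff\xff\x00\xff\xff\xff\x00\xff\xff\xff\x00"), 64)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key
	iv := []byte("fedcba9876543210")  // constructed IV, demonstration only
	pt := samplePlaintext()
	fmt.Println("ECB repeated blocks:", repeatedBlocks(encryptECB(key, pt)))
	fmt.Println("CBC repeated blocks:", repeatedBlocks(encryptCBC(key, iv, pt)))
}
```

With AES-128 doing the block work in both cases, ECB still reveals 63 repeats out of 64 blocks while CBC reveals none, which is exactly why the strength of AES does not rescue OME here.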

The security lab says that OME-encrypted messages get sent as email attachments, and thus may reside on email systems or may have been intercepted. An attacker with access to a sufficient number of these messages can potentially infer message contents by analyzing repeating ciphertext patterns.

"Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents," said Harry Sintonen, security researcher at WithSecure, in a statement.

"More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on email archives stolen during a data breach, or by breaking into someone’s email account, e-mail server or gaining access to backups."

WithSecure attributes Microsoft's continued use of ECB to the desire to maintain compatibility. The security firm notes that the Microsoft Information Protection (MIP) C++ library has a ProtectionHandler::PublishingSettings class, which has a SetIsDeprecatedAlgorithmPreferred method. This method, Microsoft's documentation explains, "Sets whether or not deprecated crypto algorithm (ECB) is preferred for backwards compatibility."

Microsoft evidently does not consider this a problem. Alerted to WithSecure's findings, the software giant reportedly said no action is necessary: "The report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report."

Microsoft in April introduced a data governance system called Microsoft Purview. Office 365 Message Encryption (OME) is now considered a legacy system. We're told the Windows goliath is looking into alternative encryption methods for future products.

In an email to The Register, a Microsoft spokesperson said, "The rights management feature is intended as a tool to prevent accidental misuse and is not a security boundary. To help prevent abuse we recommend customers follow best security practices, including keeping systems up to date, enabling multi-factor authentication, and using a real time anti-malware product."

WithSecure says that organizations using Office 365 Message Encryption may wish to consider the legal ramifications of this vulnerability, particularly with regard to EU and California privacy rules.

"Since Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption," the lab concludes. ®
