Researchers Uncover Vulnerabilities In Microsoft Security Systems

Researchers uncovered the use of broken encryption emails to secure messages in Microsoft Office 365.

Key Points:

  • Researchers from Finnish cybersecurity firm WithSecure found various security vulnerabilities in Microsoft Office 365.
  • They have revealed that there are defects in the Electronic Codebook (ECB) of Microsoft Office 365.
  • Due to this vulnerability, third-party programs can decrypt poorly encrypted user details.

A new study made by researchers at Finnish cybersecurity firm WithSecure found several vulnerabilities in the encryption suite of Microsft Office 365.

Here, researchers have stated that Microsft Office 365 uses an encryption system called the Electronic Codebook (ECB). ECB stores all the encrypted data regarding the subscribed users, including their payment details and account passwords as well.

In ECB, Microsoft makes use of an encryption mechanism called Office 365 Message Encryption (OME). This is the code that is used to send and receive data between Microsoft databases and users. It holds the key to deciphering users’ encrypted data, which only Microsoft admins can access.

However, this OME can be accessed by hackers using a broken cryptographic algorithm present in the codes. This can be accurately targeted by coding specialists, which allows them access to the ECB, containing data on all users.

Since ECB uses a system that stores data in various banks of data, accessing one such bank by decrypting it can lead to data leaks of thousands of Microsoft Office 365 users. This can be done by analyzing the location of two ciphertext blocks – the primary form of how ECB stores encrypted data.

However, the fun part is the fact that Microsft has no way to solve this issue right now. This report indicates that they are trying to shift to a new data governance system called Purview to secure all emails and user documentations.

Read Also:

debamalya-image

Debamalya Mukherjee

Debamalya is a professional content writer from Kolkata, India. Constantly improving himself in this industry for more than three years, he has amassed immense knowledge regarding his niches of writing tech and gaming articles. He loves spending time with his cats, along with playing every new PC action game as soon as possible.

We will be happy to hear your thoughts

      Leave a reply

      Debamalya Mukherjee

      Debamalya Mukherjee

      Debamalya is a professional content writer from Kolkata, India. Constantly improving himself in this industry for more than three years, he has amassed immense knowledge regarding his niches of writing tech and gaming articles. He loves spending time with his cats, along with playing every new PC action game as soon as possible.

      Tech Trends Pro
      Logo