Microsoft 365 Encryption Messages can disclose sensitive data


Researchers have identified a flaw in Microsoft Office 365 Message Encryption (OME) that is linked to the use of a risky cryptographic algorithm. They warned that it could be used to decode part or all of the content of encrypted email messages. However, Microsoft remained silent in addressing the issue.

OME, which organizations use to send encrypted emails internally and externally, uses the Electronic Codebook (ECB) mode of operation, which is known to expose some structural information about messages.

Harry Sintonen, a security consultant, stated: “If an attacker had access to enough emails using OME, it’s possible to access leaked information by analyzing the frequency of repeating patterns in individual messages and then matching those patterns with those in other encrypted emails and files.”

“This could impact anyone using OME, if the attachment in question has the properties that make it decipherable in this way,” he stated. 

“Of course, for the extraction to be possible, the adversary first needs to get access to the actual encrypted email message.” 

Sintonen further explains that even if the files did not have a larger structure that could directly be revealed, there is still the possibility of fingerprinting files.  

“If a file has some repeating blocks, you could construct a fingerprint from the relation of these repeating blocks,” he says. “You can then scan the encrypted email messages for these fingerprints. If found, you know that this email message included the specific file.”

He added that it is also possible to leverage artificial intelligence (AI) to look for similar fingerprints and find related content, perhaps part of a set of similar files.
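The structural leak described above can be reproduced in a few lines. This is an added example, not code from the article or from Sintonen's research: it shows that under ECB the pattern of repeated blocks in a file survives encryption under any key, while a randomized mode hides it. The 4-round Feistel cipher is a toy stand-in for a real block cipher, and the 16-byte block size, the sample data and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, assumed for this demo

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation: toy stand-in for a real block cipher."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def blocks(data: bytes) -> list:
    # Input length must be a multiple of BLOCK (no padding in this demo).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently, with no IV or chaining.
    return b"".join(toy_encrypt_block(key, b) for b in blocks(plaintext))

def ctr_encrypt(key: bytes, plaintext: bytes) -> tuple:
    # Randomized counter mode for contrast: fresh nonce, unique keystream per block.
    nonce = os.urandom(8)
    out = b""
    for n, b in enumerate(blocks(plaintext)):
        ks = toy_encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(x ^ y for x, y in zip(b, ks))
    return nonce, out

def repeat_pattern(data: bytes) -> list:
    """Label each block by the order in which its value first appears."""
    first = {}
    return [first.setdefault(b, len(first)) for b in blocks(data)]

# Constructed sample "file": nine blocks with the layout A A B A A C A A B.
SAMPLE = b"".join(bytes([c]) * BLOCK for c in b"AABAACAAB")

if __name__ == "__main__":
    key = os.urandom(32)
    print("plaintext:", repeat_pattern(SAMPLE))
    print("ECB      :", repeat_pattern(ecb_encrypt(key, SAMPLE)))
    print("CTR      :", repeat_pattern(ctr_encrypt(key, SAMPLE)[1]))
```

The same `repeat_pattern` check works as a quick audit: a ciphertext whose pattern contains repeated labels is a strong sign that a deterministic per-block mode such as ECB is in use.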

Harry Sintonen shared his research findings with Microsoft in January 2022. The organization acknowledged the issue and paid him through its vulnerability reward program but declined to fix it.

As there is no fix from Microsoft for this issue, it is recommended to avoid using OME as a way to protect email confidentiality.

Author: PureVPN

Date: November 24, 2022
