Warning issued on Office 365 mail vulnerability, but Microsoft denies problem

Photo: Getty Images

October 17, 20221 min read

Use of ECB encryption shown to leave mail vulnerable in security firm’s tests.

Cybersecurity company WithSecure has published details of a vulnerability in Microsoft Office 365 Message encryption (OME), but Microsoft is so far refusing to acknowledge there is a risk that needs addressing.

WithSecure says the problem comes from Microsoft’s decision to use a block cypher confidentiality mode called Electronic Codebook (ECB). A

Cybersecurity, Email, Messaging

Subscribe for free to continue reading

Read more articles like this one with our free plan, or get our Premium plan for access to all content – including our 5,000+ article archive, exclusive interviews, podcasts, and more.

Subscribe for free

Already have an account? Sign in

Interested in Premium? See all plans

Cloud

ECB issues new guidance on outsourcing cloud services

August 28, 2025

The guide sets out the central bank's expectations on the requirements of DORA, including good practices which add an additional layer of complexity.

Cloud

ECB consults on a proposed guide on outsourcing cloud services

June 17, 2024

Covering application of the Guide; overview of the ECB's supervisory expectations, including governance of cloud services and BCPs; and the DORA timetable.

Security

Hacker exploits TeleMessage vulnerability – cybersecurity in the spotlight

May 7, 2025

A vulnerability in TeleMessage was reportedly exploited to extract archived messages and other data relating to US government officials and companies.

Crypto

Bitcoin on the road to irrelevance according to ECB Director General

November 30, 2022

Bitcoin deemed not suitable as a payment system or investment class and 'should not be treated as either in regulatory terms'.

Latest News

FRC sanctions audit firm and partner for conflict of interest breaches

HHS-OIG begins enforcing info-blocking rule in earnest

OECD says US could do better on beneficial ownership reporting

Latest News

Are perpetuals swaps or futures contracts? CME and the CFTC disagree

FCA to become sole AML/CTF supervisor for 60,000 firms

HHS launches initiative to strengthen US role in clinical trials

Latest News

Hot privacy and data security issues on the Hill for 2026

Tech layoffs accelerate as AI automation looms

Opening pan-DORA's box: Navigating the practical challenges

Latest News

Regulatory compliance trends in Canada for sellside and buyside

Video: David Hirsch on the evolving US crypto landscape

Podcast: Aydin Mirzaee on AI note-taking in heavily regulated industries

Latest News

FRC sanctions audit firm and partner for conflict of interest breaches

HHS-OIG begins enforcing info-blocking rule in earnest

OECD says US could do better on beneficial ownership reporting

Warning issued on Office 365 mail vulnerability, but Microsoft denies problem

Subscribe for free to continue reading

ECB issues new guidance on outsourcing cloud services

ECB consults on a proposed guide on outsourcing cloud services

Hacker exploits TeleMessage vulnerability – cybersecurity in the spotlight

Bitcoin on the road to irrelevance according to ECB Director General