Warning issued on Office 365 mail vulnerability, but Microsoft denies problem

Photo: Getty Images

October 17, 20221 min read

Use of ECB encryption shown to leave mail vulnerable in security firm’s tests.

Cybersecurity company WithSecure has published details of a vulnerability in Microsoft Office 365 Message encryption (OME), but Microsoft is so far refusing to acknowledge there is a risk that needs addressing.

WithSecure says the problem comes from Microsoft’s decision to use a block cypher confidentiality mode called Electronic Codebook (ECB). A

Cybersecurity, Email, Messaging

Sign up for free to continue reading

Sign up to read more free articles like this one, or subscribe to the Premium plan to unlock all content.

Cloud

ECB issues new guidance on outsourcing cloud services

August 28, 2025

The guide sets out the central bank's expectations on the requirements of DORA, including good practices which add an additional layer of complexity.

Security

Hacker exploits TeleMessage vulnerability – cybersecurity in the spotlight

May 7, 2025

A vulnerability in TeleMessage was reportedly exploited to extract archived messages and other data relating to US government officials and companies.

Cloud

ECB consults on a proposed guide on outsourcing cloud services

June 17, 2024

Covering application of the Guide; overview of the ECB's supervisory expectations, including governance of cloud services and BCPs; and the DORA timetable.

Crypto

Bitcoin on the road to irrelevance according to ECB Director General

November 30, 2022

Bitcoin deemed not suitable as a payment system or investment class and 'should not be treated as either in regulatory terms'.

Latest News

ASIC secures $24.5m fine for failure to protect customers from scams

A £1m lesson in why sanctions screening keeps repeating itself

DOJ NSD grants first declination under new policy

Latest News

HHS launches initiative to strengthen US role in clinical trials

Vermont tightens oversight of private equity in healthcare

Key compliance takeaways from the European Supervisory Authorities’ 2025 annual reports

Latest News

Hot privacy and data security issues on the Hill for 2026

Tech layoffs accelerate as AI automation looms

Opening pan-DORA's box: Navigating the practical challenges

Latest News

Regulatory compliance trends in Canada for sellside and buyside

Video: David Hirsch on the evolving US crypto landscape

Podcast: Aydin Mirzaee on AI note-taking in heavily regulated industries

Latest News

ASIC secures $24.5m fine for failure to protect customers from scams

Hot privacy and data security issues on the Hill for 2026

Regulatory compliance trends in Canada for sellside and buyside

Warning issued on Office 365 mail vulnerability, but Microsoft denies problem

Sign up for free to continue reading

ECB issues new guidance on outsourcing cloud services

Hacker exploits TeleMessage vulnerability – cybersecurity in the spotlight

ECB consults on a proposed guide on outsourcing cloud services

Bitcoin on the road to irrelevance according to ECB Director General