Wednesday, December 7, 2022
HomeDigit NewsMicrosoft has known about this since the beginning of the year: a...

Microsoft has known about this since the beginning of the year: a dangerous vulnerability in Microsoft Office allows you to reveal user correspondence

Researchers from cybersecurity company WithSecure have discovered a dangerous vulnerability in Microsoft Office.
According to Venture Beat, the error lies in the Microsoft Office message encryption service. Thanks to it, cybercriminals were able to uncover the block cipher of the electronic codebook (ECB), which contains information about the structure of each message sent.
Although this vulnerability cannot fully reveal the content of a conversation, an attacker is able to match email patterns and reveal protected information through inference.


An attacker who gains access to encrypted emails can extract some information from the encrypted emails. Depending on the characteristics of the particular email content, the disclosure may be (almost) full or partial.

Garry Sintonen, Principal Security Consultant at WithSecure.


Garry Sintonen added that the more encrypted emails an attacker can collect, the easier it is for him to match patterns and decrypt the contents of the messages.
WithSecure claims to have notified Microsoft of the vulnerability back in January 2022. Despite the fact that Microsoft paid them a cash reward, the error was never fixed and remains in the system to this day.
- Advertisement -

- Advertisment -

- Advertisment -spot_imgspot_imgspot_img


Two Wheeler


Digit News