Researchers from cybersecurity company WithSecure have discovered a dangerous vulnerability in Microsoft Office.
According to Venture Beat, the error lies in the Microsoft Office message encryption service. Thanks to it, cybercriminals were able to uncover the block cipher of the electronic codebook (ECB), which contains information about the structure of each message sent.
Although this vulnerability cannot fully reveal the content of a conversation, an attacker is able to match email patterns and reveal protected information through inference.
An attacker who gains access to encrypted emails can extract some information from the encrypted emails. Depending on the characteristics of the particular email content, the disclosure may be (almost) full or partial.
Garry Sintonen, Principal Security Consultant at WithSecure.