Microsoft 365 broken cryptographic algorithm could be exploited by hackers

October 18, 2022

Security researchers at WithSecure have discovered a vulnerability in Microsoft 365 that involves the platform’s use of a broken cryptographic algorithm.

The bug was found in Office 365 Message Encryption (OME), a security mechanism used to send and receive encrypted email messages between inside and outside an organization.

The problem with the broken cryptographic algorithm could allow third parties to gain access to the encrypted emails and perform several sections, including deciphering the messages, and effectively break confidentiality laws.

“An attacker with a large database of messages may infer their content (or parts of it) by analyzing relative locations of repeated sections of the intercepted messages. Since Microsoft has no plans to fix this vulnerability, the only mitigation is to avoid using Microsoft Office 365 Message Encryption,” WithSecure said.

The bug that WithSecure has uncovered does not specifically refer to the decryption of a single message, but instead capitalize on analyzing a stash of encrypted stolen emails for such ports patterns and ultimately decrypts their contents.

Microsoft has already treated Message Encryption (OME) as a legacy system and urged customers to use a data governance platform called Purview to secure emails and documents via encryption and access controls.

The sources for this piece include an article in TheHackerNews.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn