Outlook: the S/MIME standard does not encrypt your email

Users of Microsoft's Outlook e-mail client who rely on the S/MIME encryption standard are not securing the content of their e-mails, because of a bug in the software.

The issue occurs because Outlook sends emails in both encrypted and unencrypted formats, so an attacker who is able to intercept the traffic of the email account can read the content of these messages. The bug is not general; it only occurs when the following conditions are met:

  • Only emails encrypted with the S/MIME public-key encryption standard are affected, not PGP/GPG.
  • The leak affects only emails that are sent using Outlook, not emails received by Outlook.
  • The leak only occurs for Outlook emails sent in plain text. Outlook's default setting is to use HTML.
  • The leak also occurs when users try to encrypt replies to emails. Outlook automatically changes the default HTML formatting to plain text when you reply to such messages.
  • The leak occurs continuously if the user uses Outlook with an SMTP server.
  • The leak only occurs on hop servers for Outlook clients using Microsoft Exchange infrastructure. This reduces the leakage of encrypted emails within a corporate network.
  • There is also a leak in the recipient's email client. Because email clients display message previews, an attacker can see the contents of the encrypted message even without access to the private encryption key available to the recipient.

The encryption leak, while limited to the above scenarios, is a delicate matter. Companies, but also individuals, use encryption to secure sensitive information they exchange via email.

Researchers at SEC Consult discovered the leakage of encrypted Outlook emails by accident.
The researchers said they contacted Microsoft about the issue, and the company released a bug fix, tracked as CVE-2017-11776, on Tuesday 10 October 2017.

Microsoft did not reveal which versions of Outlook were affected by this issue.

At present, companies and individuals who meet the above scenarios are vulnerable to CVE-2017-11776 and should immediately update Outlook.
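One way to audit archived or gateway-captured sent mail for the condition described above, a message that carries both an S/MIME envelope and readable text. This is an added example, not code from SEC Consult or Microsoft. The page does not describe the exact message layout, so it assumes the unencrypted copy appears as a text part alongside the `application/pkcs7-mime` part; `audit_message`, `build_sample` and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def audit_message(raw: bytes) -> dict:
    """Flag a message that carries an S/MIME envelope AND readable text."""
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted, readable = False, []
    for part in msg.walk():
        if part.get_content_type() in SMIME_TYPES:
            # Only enveloped-data is encryption; signed-data is just a signature.
            kind = part.get_param("smime-type", "enveloped-data")
            encrypted = encrypted or kind.lower() == "enveloped-data"
        elif part.get_content_maintype() == "text":
            text = part.get_content().strip()
            if text:
                readable.append(text)
    return {"encrypted": encrypted, "plaintext_parts": readable,
            "leak": encrypted and bool(readable)}

def build_sample(body, encrypted=True) -> bytes:
    """Constructed test message; the envelope bytes are a placeholder, not real CMS."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.com", "bob@example.com"
    msg["Subject"] = "constructed sample"
    smime = dict(maintype="application", subtype="pkcs7-mime",
                 filename="smime.p7m", params={"smime-type": "enveloped-data"})
    if body is not None:
        msg.set_content(body)  # readable text/plain part
        if encrypted:
            # Assumed leak layout: envelope travels next to the readable text.
            msg.add_attachment(b"CONSTRUCTED-PLACEHOLDER", **smime)
    elif encrypted:
        msg.set_content(b"CONSTRUCTED-PLACEHOLDER", **smime)  # envelope only
    return msg.as_bytes()

if __name__ == "__main__":
    samples = [("both formats", build_sample("Q3 figures: secret")),
               ("envelope only", build_sample(None)),
               ("unencrypted", build_sample("hello", encrypted=False))]
    for label, raw in samples:
        print(label, "-> leak:", audit_message(raw)["leak"])
```

Messages flagged with `leak` set to true were sent in both formats and should be treated as disclosed to anyone who could read them in transit.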

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
