Outlook may not encrypt your email if you use S/MIME encryption

Users who send encrypted email from Microsoft Outlook using the S/MIME standard may leak information because of an error in Outlook.

The problem is that Outlook sends these emails in both encrypted and unencrypted form. An attacker who watches email traffic can read the contents of these emails. The error only occurs under the circumstances below.

  1. Only email encrypted with the public-key encryption standard is affected; PGP/GPG is not.
  2. It only happens with email sent by Outlook, not with received mail.
  3. It only occurs with Outlook email sent as plain text. Outlook's default setting is to use HTML format.
  4. It occurs when the user encrypts a reply to a plain-text email. Outlook automatically switches from its default HTML format to plain text when replying to such an email.
  5. Outlook is used with an SMTP server.
  6. With an Outlook client in a Microsoft Exchange setup, the leak reaches one server hop. This limits the leak of encrypted email to the corporate network. TLS must be turned off for the email communication.
  7. It shows up on the recipient's email client. Because email clients display a preview of the email content, an attacker can view the content of the encrypted email even without an encryption key. For example, an attacker who has the email password but does not have the S/MIME key can still read received content that was sent from a faulty installation of Outlook.

Although it is limited to these situations, the leak is still a sensitive issue. Companies often use encryption to protect sensitive information shared via email. Many bug and vulnerability reports are also sent in encrypted form.
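
A check for the failure described above, added here as an example (it is not code from the article, SEC Consult or Microsoft): it parses a raw outgoing message and flags one that carries an S/MIME encrypted part together with readable text. The MIME layout of the sample messages, the addresses and the function name audit_message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def audit_message(raw: bytes) -> dict:
    """Report encrypted S/MIME parts and readable text parts in one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted, readable = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in SMIME_TYPES:
            # smime-type=signed-data is an opaque signature, not encryption
            stype = str(part.get_param("smime-type", "unspecified")).lower()
            if stype != "signed-data":
                encrypted.append(stype)
        elif part.get_content_maintype() == "text":
            text = part.get_content().strip()
            if text:
                readable.append((ctype, len(text)))
    # An encrypted payload plus readable text in the same message is exposure
    return {"encrypted": encrypted, "readable": readable,
            "leak": bool(encrypted and readable)}


# Constructed samples (not captured traffic). Assumed layout: the plaintext
# body travels as a text/plain part next to the encrypted smime.p7m part.
P7M = (b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; '
       b'name="smime.p7m"\nContent-Transfer-Encoding: base64\n\n'
       b"Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n")  # placeholder, not real CMS data
HEAD = (b"From: alice@example.com\nTo: bob@example.com\n"
        b"Subject: constructed sample\nMIME-Version: 1.0\n")
LEAKY = (HEAD + b'Content-Type: multipart/mixed; boundary="b1"\n\n'
         b"--b1\nContent-Type: text/plain; charset=us-ascii\n\n"
         b"Confidential: constructed body text.\n"
         b"--b1\n" + P7M + b"--b1--\n")
CLEAN = HEAD + P7M  # the whole body is the encrypted envelope

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, audit_message(raw))
```

Run against copies of sent mail taken at the gateway, a message reported with "leak": True has body text that any relay or mailbox reader can see without the S/MIME private key.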

[Image: S/MIME encryption may still not protect your email in Outlook]

Microsoft is silent about the real impact

SEC Consult researchers discovered the S/MIME encrypted email leak earlier this year. Another user also reported the same issue on the Microsoft forum a month later.

The researchers said they contacted Microsoft about the error, and the company fixed it yesterday in its Patch Tuesday release, as CVE-2017-11776. Microsoft has not disclosed which versions of Outlook are affected, meaning it could affect every version.
