Outlook may not encrypt your email if you use S/MIME encryption
Users who send encrypted email from Microsoft Outlook using the S/MIME standard may leak information because of a bug in Outlook.
The problem is that Outlook sends these emails in both encrypted and unencrypted form. An attacker who watches email traffic can read the contents of these emails. The error only occurs under the circumstances below.
- Only email encrypted with the S/MIME public-key encryption standard is affected; PGP/GPG is not.
- Only happens with email sent by Outlook, not with received mail.
- Only occurs with Outlook email sent in plain text format. Outlook's default setting is HTML format.
- Occurs when the user encrypts a reply to a plain text email. Outlook automatically switches from the default HTML format to plain text when replying to such an email.
- Occurs when Outlook is used with an SMTP server.
- With Outlook clients using Microsoft Exchange infrastructure, the leak extends one server hop. This limits the leak of encrypted email to the corporate network. TLS must be turned off for email communication.
- Occurs on the recipient's email client. Because email clients display a preview of the email content, an attacker can view the content of encrypted email even without the encryption key. For example, an attacker who has the email password but not the S/MIME key can still read received content sent from a faulty installation of Outlook.
Although it is limited to these situations, the leak is still a sensitive issue. Companies often use encryption to protect sensitive information shared via email. Many bug and vulnerability reports are also sent in encrypted form.
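A mail-gateway check for the symptom described above, as an added example that is not from the original article or from SEC Consult: it flags a message that carries an S/MIME enveloped-data part together with a readable text part. The article does not describe the wire format of affected messages, so that layout, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def is_enveloped(part):
    """True for an S/MIME encrypted (enveloped-data) part."""
    smime_type = str(part.get_param("smime-type") or "").lower()
    return part.get_content_type() in SMIME_TYPES and smime_type == "enveloped-data"

def cleartext_leak(raw):
    """Return readable text parts found in a message that also claims encryption."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    if not any(is_enveloped(p) for p in parts):
        return []  # unencrypted or clear-signed mail: plaintext is expected
    leaked = []
    for part in parts:
        if part.get_content_maintype() == "text":
            text = part.get_content().strip()
            if text:
                leaked.append(text)
    return leaked

# Constructed samples (not captured traffic); the base64 is a placeholder blob.
P7M = (b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
       b'Content-Transfer-Encoding: base64\n\nAAECAwQFBgc=\n')
# Assumed leak layout: a readable text part next to the encrypted part.
LEAKY = (b'Subject: Q3\nMIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
         b'--b1\nContent-Type: text/plain; charset="us-ascii"\n\nQuarterly figures attached.\n'
         b'--b1\n' + P7M + b'--b1--\n')
# Correctly encrypted: the enveloped-data part is the whole message.
CLEAN = b'Subject: Q3\nMIME-Version: 1.0\n' + P7M
# Clear-signed only: plaintext is legitimate here and must not be flagged.
SIGNED = (b'Subject: Q3\nMIME-Version: 1.0\n'
          b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b2"\n\n'
          b'--b2\nContent-Type: text/plain\n\nPublic notice.\n'
          b'--b2\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
          b'Content-Transfer-Encoding: base64\n\nAAECAwQFBgc=\n--b2--\n')

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("clean", CLEAN), ("signed", SIGNED)):
        print(name, cleartext_leak(raw))
```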
Microsoft is silent about the real impact
SEC Consult researchers discovered the S/MIME encrypted email leak earlier this year. Another user reported the same issue on the Microsoft forum a month later.
The researchers said they contacted Microsoft about the error, and the company fixed it yesterday in its Patch Tuesday update, as CVE-2017-11776. Microsoft has not disclosed which versions of Outlook are affected, meaning it may affect every version.