Security researchers at WithSecure, the company formerly known as F-Secure, have published details of a potentially dangerous vulnerability in Microsoft Office 365 Message Encryption (OME) that could expose the contents of users’ emails to a threat actor if left unmitigated.
OME is used by organisations to send encrypted emails both internally and externally. It uses the Electronic Codebook (ECB) encryption implementation, but according to WithSecure consultant and security researcher Harry Sintonen, this mode of operation leaks certain structural information about messages.
This is because it encrypts each cipher block individually with repeating blocks of the clear text message mapping to the same cipher text blocks each time – which means that while the actual clear text cannot be revealed directly, information about the structure of the message can be.
The result of this, claims Sintonen, is that a threat actor who has been able to get their hands on enough OME emails could use this information to either partially or fully infer the actual contents of messages. This would be done by analysing the location and frequency of repeated patterns in the individual messages, and then matching those to other OME emails and files.
“More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on email archives stolen during a data breach, or by breaking into someone’s email account, email server or gaining access to backups,” said Sintonen, who discovered the problem in January 2022 and promptly reported it through Microsoft’s bug bounty programme.
Sintonen added that because this pattern analysis can be done offline, making it even easier for an attacker to compare against backlogs or archives of previous messages. Nor would an attacker need knowledge of the encryption keys, making use of a Bring Your Own Encryption/Key (BYOE/K) service no defence at all.
Unfortunately, he added, this means there is no real way for organisations to stop an attacker who gets hold of their OME emails from decoding their contents via this method.
“Any organisation with personnel that used OME to encrypt emails are basically stuck with this problem. For some, such as those that have confidentiality requirements put into contracts or local regulations, this could create some issues,” said Sintonen.
“And then, of course, there’s questions about the impact this data could have in the event it’s actually stolen, which makes it a significant concern for organisations,” said Sintonen.
Sintonen added that depending on the contents of their emails, many organisations might need to consider the legal impact of the vulnerability, as it could lead to privacy impacts under regulations such as the EU or UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) to name but two.
At the time of writing, Microsoft has no known plans to implement mitigation measures or a fix for this issue. Redmond’s security team told WithSecure: “The report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report.”
In light of this, should security teams deem this an addressable risk, the only actionable solution is to cease use of OME immediately, but as Sintonen pointed out, doing so does not mitigate the risk of an attacker gaining access to emails previously encrypted via the service.