Bitte aktivieren Sie JavaScript in Ihrem Browser, um alle Funktionen dieser Seite nutzen zu können.
You need to activate JavaScript in your browser to use all the functions on this page.

Zertificon Blog

We provide encryption solutions and write about 'Secure Business Communications'.


Zertificon’s Z1 SecureMail Gateway enhances Microsoft 365 for confidential email exchange and ECB exploits prevention

Inadequate mail encryption with M365 Security researchers at WithSecure disclosed a Microsoft security vulnerability in native Microsoft 365 email encryption in October. Microsoft has no current plans to fix the vulnerability. M365 customers are now dealing with security concerns – on top of known usability limitations:

  • Client-side S/MIME encryption only which puts high levels of responsibility on the end user. It requires much effort and increases the risks of incorrect or failed encryption
  • Inadequate user guidance for encryption with contacts who do not have a Microsoft account
Microsoft 365 uses Electronic Codebook (ECB) for encryption. It’s an outdated block operation mode that transposes identical plaintext blocks into identical ciphertext blocks. Fundamentally, it encrypts all content the same way. It makes it easier for attackers to crack encryption when they get their hands on a large message database. As early as March 2022, The U.S. National Institute of Standards and Technology (NIST) stated that ECB represents a severe security risk and is unsuitable for confidential information encryption. Furthermore, email encryption with ECB does not meet state-of-the-art security and compliance standards for GDPR data protection requirements.

Microsoft wants to continue using the insecure ECB mode

According to Microsoft, M365 use of the ECB mode is due to compatibility reasons. Microsoft dismisses the weakness report, reasoning an actual breach threat where attackers can access large email repositories to decode ECB is only possible with a direct attack on a customer’s infrastructure. Instead, Microsoft recommends customers adopt security best practices to protect their own infrastructures, disregarding email interception threats on unprotected networks.

Threat levels are at an all-time high for companies

Microsoft’s assessment does not accurately match the real cyber threat levels on the Internet. Poorly encrypted messages can be intercepted, analyzed, and manipulated in bulk, opening doors for espionage and sabotage. With the current political situation, risks are exceptionally high.

Z1 SecureMail Gateway integrates with M365 to solve security and usability issues

No one needs to quit using M365. Companies can enjoy the solution’s benefits without compromising security. Z1 SecureMail Gateway adds email encryption and signature functions to your M365 infrastructure, automatically implementing security in the background. Learn how easy integrating Z1 SecureMail Gateway with M365 can be for your business with the case study of our client, binder pharma services gmbh. You will also find out how it can bring security peace of mind to your organization.

WordPress Cookie Plugin by Real Cookie Banner