September 22, 2023

Researchers warned that the Electronic Code Book (ECB) mode that Microsoft uses for email encryption has a weakness that can leak information.

NIST, the U.S. agency that develops encryption standards for civilian use, characterizes ECB as a severe security vulnerability.


Because Microsoft uses the algorithm for this purpose, encrypted email could betray its senders under conditions in which an adversary can gather large volumes of messages.

Because ECB encrypts repeated plaintext within a single message to the same ciphertext, an authority able to capture and analyze email flows could infer parts of the encrypted text.

Researchers were able to extract a raw image file of the word "fail" printed in black against a background. The extraction was not perfect, but it was clear enough to read the text.
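The sketch below is an added example, not code from Microsoft or the researchers. It shows why repeated plaintext blocks survive ECB and how chaining hides them. It assumes a toy keyed function (`toy_block`, HMAC-SHA256 truncated to 16 bytes) in place of a real block cipher, and the key, IV, bitmap and function names are all constructed for illustration.

```python
import hashlib
import hmac
import string
from collections import Counter

BLOCK = 16                      # bytes per block, as in AES
KEY = b"constructed-demo-key"   # constructed sample key
IV = bytes(range(BLOCK))        # constructed sample IV for the chained mode

def toy_block(key, block):
    # Keyed deterministic stand-in for a block cipher: NOT AES, not invertible.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_ecb(key, plaintext):
    # ECB: every block is processed independently, so equal inputs give equal outputs.
    return b"".join(toy_block(key, b) for b in split_blocks(plaintext))

def encrypt_chained(key, plaintext, iv):
    # CBC-style chaining: each block is XORed with the previous output first.
    prev, out = iv, []
    for b in split_blocks(plaintext):
        prev = toy_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_block_ratio(ciphertext):
    # Fraction of ciphertext blocks whose value occurs more than once.
    counts = Counter(split_blocks(ciphertext))
    return sum(n for n in counts.values() if n > 1) / sum(counts.values())

def block_map(ciphertext, blocks_per_row):
    # One letter per distinct ciphertext block, laid out like the image rows.
    labels = {}
    text = "".join(string.ascii_letters[labels.setdefault(b, len(labels)) % 52]
                   for b in split_blocks(ciphertext))
    return [text[i:i + blocks_per_row] for i in range(0, len(text), blocks_per_row)]

def sample_image():
    # Constructed 8x64-byte bitmap: 0xFF background, 0x00 bar in rows 2-5.
    rows = [bytearray(b"\xff" * 64) for _ in range(8)]
    for row in rows[2:6]:
        row[16:48] = b"\x00" * 32
    return b"".join(bytes(r) for r in rows)

if __name__ == "__main__":
    image = sample_image()
    print("\n".join(block_map(encrypt_ecb(KEY, image), 4)))
    print(repeated_block_ratio(encrypt_ecb(KEY, image)),
          repeated_block_ratio(encrypt_chained(KEY, image, IV)))
```

A high `repeated_block_ratio` on stored ciphertext is a quick audit signal that a block cipher is being used without chaining or a per-message nonce.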

Microsoft has yet to assign a CVE tracker to the vulnerability.


Microsoft will continue to use the algorithm to support backward compatibility, though it has a known problem. Without an alternative, it was difficult to move away from Electronic Code Book without causing customers to lose the ability to decrypt old messages.

