/* ---- Google Analytics Code Below */

Friday, October 21, 2022

Encountered and Reported Security Issues in MS Office

In the most recent  ' Security Now  'Podcast #893'  by Steve Gibson, he discussed  the fact that Microsoft  has chosen not to fix a well understood security vulnerability currently in their OME (Office Method Encryption), that has existed for years,  a commonly used system, which claims to have a means to encrypt text in  Office, say before sending it or storing it.  

BUT they use ECB  'Electronic Code book' as a 'secure' method, which is well known to leak information.  ECB is well known to be insecure.  Microsoft has refused to fix or patch the Windows Office method.  I have personally examined ECB in the past, and its problems are obvious and well known. Especially for cases like stolen or diverted data. (Ransomware?)   A major issue for assumed security in MS Office.

Much more here   https://www.grc.com/sn/SN-893-Notes.pdf 

More on ECB Here:  https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#ECB 

Following, but please report any patching of this so I can inform followers. 

No comments: