Researchers from the company WithSecure, which specializes in solutions in the field of cybersecurity, discovered a dangerous vulnerability in Microsoft Office. This was reported by the Venture Beat portal.

An error in the Microsoft Office message encryption service. Thanks to this, the cybercriminals were able to crack the block cipher of the electronic code book, which contains information about the structure of each message sent.

Although this vulnerability cannot fully reveal the contents of the correspondence, an attacker could match email patterns and reveal protected information through logical inference.

“An attacker accessing encrypted e-mails can extract some information from the encrypted e-mails. Depending on the characteristics of the email content, disclosure may be (almost) complete or partial”‘ said Harry Sintonen, WithSecure’s chief security adviser.

WithSecur claims to have reported the vulnerability to Microsoft in early 2022. Although the IT giant thanked the researchers and even gave them a monetary reward, the bug was never fixed and remained in the system to this day.