S/MIME works with the recipient’s public key to the message body plus flowers, which can use the private key to decrypt the information. However, Outlook’s bug, but it will be sent out at the same time contains an S/MIME encrypted copy, and unprotected non-encrypted e-mail copy.
The end result is that an attacker can access either side of the mailbox, or involve an unencrypted ” server -server” connection that can easily read the message content. SEC Consult said: “The bug makes S/MIME encryption protection completely lost.”
For users who are not aware of the problem, please also review those messages that were marked as “encrypted” in the “Sent” folder in the Outlook application.
Although Microsoft has been repaired on Tuesday as Patch Tuesday, the company has not disclosed to the cybersecurity company the duration of the problem. However, according to SEC Consult, the problem continues at least until May.
During this period (and even earlier), the S/MIME encrypted messages that you send through Outlook are likely to be intercepted and read by a third party.
