Microsoft working to fix Outlook encryption flaw

The company said it will be finding a solution to the iOS and Android bugs causing corporate data policies to be ignored

Microsoft is developing a solution to an encryption flaw in the Outlook Android and iOS apps that cause some devices to ignore IT department passwords and policies, including encryption.

The company said additional features will be rolled out in the next few months to heighten security for corporate IT departments, including the addition of PIN lock and new Exchange ActiveSync policies.

Dirk Sigurdson, director of engineering at Rapid 7's Mobilisafe uncovered the flaw, and demonstrated how encryption policies are being ignored on some mobile devices.

Sigurdson explained in a blog: "[With Outlook for Android and iOS] any ActiveSync policy defined on the server is completely ignored. Your company can define a sophisticated passcode or encryption policy that will have absolutely no impact on devices if this new email client is used by your employees. There are other potential security issues with Outlook as well, but this one I think is the most egregious.

"If your organisation is dependent on ActiveSync policies in anyway you should immediately block ActiveSync access to Outlook for iOS and Android," he advised.

Another security blogger, Rene Winkelmeyer, warned of a number of other corporate security flaws in the Outlook apps when they were first released in January. He explained that Microsoft allows users to share corporate mail attachments with personal accounts, share ActiveSync IDs across a single user's devices and shares these credentials with Microsoft.

"The only advice I can give you at this stage is: block the app from accessing your companies [sic] mail servers. And inform your users that they shouldn't use the app," he explained.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Microsoft unveils new Surface Pro, Go, Duo and Studio devices
Laptops

Microsoft unveils new Surface Pro, Go, Duo and Studio devices

22 Sep 2021
Bug fixes and app updates arrive with latest Windows 11 preview build
Microsoft Windows

Bug fixes and app updates arrive with latest Windows 11 preview build

17 Sep 2021
Podcast transcript: Are foldable phones more than a fad?
Mobile

Podcast transcript: Are foldable phones more than a fad?

17 Sep 2021
The IT Pro Podcast: Are foldable phones more than a fad?
Mobile

The IT Pro Podcast: Are foldable phones more than a fad?

17 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
The technology powering the future of shopping
Technology

The technology powering the future of shopping

16 Sep 2021