Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached. You read that right: if you can intercept a network connection transferring an encrypted email, …


  1. Rural area satellite.

    MS plainly states that they respect the user's privacy. The memo is attached.

  2. Tom Melly

    So, if the attacker has both the encrypted and unencrypted versions, can they work out the private key? I assume not, since, thinking about it, that would make encryption about as useful as Theresa May.

  3. Stuart Moore

    Normally I'm all for bug hunters giving software companies time to fix before going public...

    ... But in this case, given how easy the exploit is, and how far removed from the intended functionality, I can't help wondering if disclosing earlier would have been better so people could avoid sending more unencrypted emails that they believed were encrypted.

  4. Anonymous Coward

    C'mon guys.

    Clearly they send the plaintext version to help verify the encrypted message when it's decrypted.

    If they have nothing to compare the decrypted data with, how do they know if it decrypted correctly?


  5. adam payne

    It's not a bug, it's a backdoor so that intelligence agencies can read your boring email. They like to profile people; it's a hobby of theirs.

  6. Terry 6

    To me it doesn't sound like a bug, as such. Rather just sloppy design.


    SMIME better than PGP, just a pity about those CAs

    Secure MIME has more support and is easy to use, but people like Microsoft and Certificate Authorities are not helping...

    Why would you encrypt the same part of the message (formatting) but not the other?

    I suspect that just a few gov offices will be asking a few questions...

  8. Anonymous Coward

    I underestimated Outlook

    I sent plain text email for many years but gave up when so many people complained, now every email from Outlook is ten pages of junk for two lines of text (if you view the source). Today I find Outlook's features mean I can send ten pages of obscured, poorly formatted HTML, and the plain text too!

    I thought HTML was the height of inefficiency, but I had no idea.

  9. mrobert

    I don't take chances

    In my case, I have been using the Secure Exchanges product for several years. It's an add-in that you can use on top of Microsoft Outlook, and encrypt, and destroy the email when it's read.

    I have no choice but to work with Microsoft, but I don't trust it anyway :-)


