← NewsroomData Protection

Security issues in Office 365

We have set ourselves the goal of creating a solution that is auditable for customers and that not only shines through its flexibility: VNClagoon.

In a new article, heise.de has drawn attention to a blatant security hole in Microsoft Office 365. At the moment, it even looks as if this vulnerability were deliberately created.

Office 365 business products might be vulnerable to Emotet. This malware intercepts banking data and can load additional packages with additional harmful functionalities. Emotet often gets to the devices via so-called macros, and authorities are often the target of these attacks. Office 365 Business Premium is among the affected applications. In this version, the execution of macros can not be prohibited centrally via group policy, thus providing a gateway for malicious code like Emotet. In the article, Heise mentions that this gap may have been left intentionally to lure customers to more expensive enterprise versions, because the missing functionality is documented in the description.

According to the article, disabling macros does not work for subsequent versions:

  • Office 365 Business

The fact that such an important function for companies is missing in enterprise and business versions is, in our view, absolutely intolerable and negligently exposes companies and authorities to the risk of an Emotet infection.

Another security risk is the hosting of MS Office 365 in general. Although Microsoft guarantees storage on servers within the EU and compliance with the Safe Harbour Agreement, it cannot defend itself against the US Cloud Act. Microsoft is an US American company and no matter where its servers are located, all data must be made available to the security authorities on request.

It is therefore essential for authorities and businesses to consider safer options. Only those who are aware of all access options and entries to their IT infrastructure are able to generate the most secure system possible. The creation of a completely secure system is almost impossible with the rapid progress of hardware and software, but open source applications can provide a valuable contribution here. With proprietary software, "black boxes" are created in the IT infrastructure, i.e. areas that are not open for inspection by users and administrators. In these areas, it is sometimes unclear which and how much data is transmitted to the manufacturer, for example.

We have set ourselves the goal of creating a product stack that is auditable for customers and that not only shines through its flexibility: VNClagoon. Users of VNClagoon decide themselves which modules of the software stack they want to use:

VNCmail : Customizable and expandable groupware solution (e-mail, calendar, contacts) VNCtalk : Messenger with chat & group chat, audio and video conferences, screen sharing, etc. VNCproject : All-in-One solution for your project management VNCtask : Professional task management & To-Do lists VNCcontacts : Contact and address management VNCsafe : Securely share files, folders, galleries and other information VNCoffice : Powerful and customizable online office suite

You can find an overview of all our products on our VNClagoon website.

Advantages of the VNClagoon Business Software Stack:

  • open standards, open source software - and thus security, auditability

Many VNC products are available for desktop PCs as well as for smartphones and tablets, on Windows, Mac, Linux, iOS and Android.

For further information please visit our website.

← Back to Newsroom