Native Data Protection

Microsoft Closes Outlook Copy-On-Write Flaw with Exchange Online Fix

by Tony Redmond

Microsoft fixed the copy-on-write bug in Outlook for Windows in Exchange Online. The fix stops users removing attachments from sent or received messages. A strong case can be made that the fix should have been present from the start to stop any possibility that clients could comprise Exchange Native Data Protection. Microsoft doesn't think many people were affected and they could be right, but that doesn't make the problem any easier to swallow.

Outlook Flaw Compromises Exchange Online Native Data Protection

by Tony Redmond

A bug in Outlook desktop's implementation of the MAPI over HTTP protocol allows users whose mailboxes are on hold to remove attachments from messages. The removal is not captured by the copy-on-write feature of Exchange Online Native Data Protection, which potentially compromises the ability of Data Governance managers or eDiscovery investigators to recover information needed for compliance purposes. All in all, it's a mess that Microsoft needs to clean up quickly.