October 28, 2024 at 03:26PM Microsoft has launched inbound SMTP DANE with DNSSEC for Exchange Online, enhancing email security. Following delays due to security concerns, this feature is now available to all customers, with complete rollouts expected by early 2025. It protects against man-in-the-middle attacks by verifying email communication authenticity. ### Meeting Takeaways: Microsoft Inbound … Read more
July 17, 2024 at 03:09PM Microsoft is introducing inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security. This includes utilizing TLS Authentication (TLSA) DNS record for verifying mail server identity and using DNSSEC for cryptographically verifying DNS records. The rollout, scheduled until 2025, aims to protect email domains from … Read more
June 13, 2024 at 10:42AM Microsoft released a patch for a serious denial-of-service (DoS) vulnerability in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability (CVE-2023-50868) affects multiple vendors and projects, including Unbound, BIND, dnsmasq, and PowerDNS. Despite patches being released earlier by other vendors, Microsoft issued a fix only recently, making it a … Read more
March 26, 2024 at 04:29AM Two DNSSEC vulnerabilities, KeyTrap (CVE-2023-50387) and NSEC3-encloser (CVE-2023-50868), were disclosed with similar descriptions and a severity score of 7.5 out of 10. However, a study by the ATHENE team finds NSEC3-encloser is less severe than KeyTrap, contrary to MITRE’s assessment. This has led to concerns about the accuracy and quality … Read more