Microsoft last week revealed plans to move forward with the retirement of the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365, starting October 15, 2020.
Decades old, these protocol versions are considered obsolete, especially since the newer, safer TLS 1.2 and TLS 1.3 have been available for years. In fact, plans for their removal from major browsers and online services have been announced several years ago.
The deprecation of TLS 1.0 and 1.1 in major browsers has been delayed earlier this year, due to the COVID-19 pandemic, but others have already resumed plans in this direction, to ensure the security of their users.
In October 2018, Microsoft confirmed plans to remove support for the older protocols from its browsers, and also moved to deprecate TLS 1.0 and 1.1 for the Office 365 service.
Now, the company says it is ready to make the change in Office 365 clients as well, and plans to enforce the decision starting in the fall.
“We temporarily halted deprecation enforcement of TLS 1.0 and 1.1 for commercial customers due to covid-19, but as supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020,” the company announced.
The Office client can leverage TLS 1.2, as long as the web service of the machine supports it. Windows 8 and newer include support for TLS 1.2, but Windows 7 devices require the KB 3140245 update to use the TLS 1.1 and 1.2 protocols, Microsoft also explains.
Microsoft is also moving forth with the deprecation of TLS 1.0 and 1.1 in Office 365 GCC, citing known vulnerabilities in the TLS 1.0 implementation. The software giant also published a whitepaper to provide guidance on how organizations can identify and remove TLS dependencies in Windows applications.
Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout
Related: Browser Makers Delay Removal of TLS 1.0 and 1.1 Support
Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
