Security bug enables impersonation of Microsoft employee emails: All you need to know
A researcher has found a bug that allows individuals to impersonate Microsoft corporate email accounts.
The bug only affects emails sent to Outlook accounts.
This bug raises serious concerns about the integrity of digital communications.
A researcher has discovered a bug that allows individuals to impersonate Microsoft corporate email accounts. The bug raises serious concerns about the integrity of digital communications and underscores the need for robust cybersecurity measures.
Because businesses and individuals alike rely heavily on email for communication and operations, such a flaw is dangerous: it could pave the way for phishing attacks and data breaches.
Let’s delve into the details.
To demonstrate the vulnerability, the researcher sent an email to TechCrunch that appeared to be from Microsoft’s account security team.
Last week, Vsevolod Kokorin, known online as Slonser, revealed on X (formerly Twitter) that he had discovered a bug related to email spoofing. He reported the issue to Microsoft, but the company dismissed his findings, claiming they couldn’t replicate the problem. In response, Kokorin decided to disclose the bug publicly on X, though he did not provide any technical details that could potentially be used to exploit it.
I want to share my recent case:
> I found a vulnerability that allows sending a message from any user@domain
> We cannot reproduce it
> I send a video with the exploitation, a full PoC
> We cannot reproduce it
At this point, I decided to stop the communication with Microsoft. pic.twitter.com/mJDoHTn9Xv
— slonser (@slonser_) June 14, 2024
“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin said. “Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”
According to Kokorin, the bug he discovered only affects emails sent to Outlook accounts. This encompasses a significant user base of at least 400 million users worldwide, as per Microsoft’s latest earnings report.
“I did not expect my post to get such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad,” Kokorin said. “Many people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.”
It remains unclear whether anyone besides Kokorin has identified the bug or if it has been exploited maliciously.
Ayushi Jain
Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds.