Security bug could have allowed anyone to spoof Microsoft employee emails
![](https://cdn.shortpixel.ai/spai/q_lossy+ret_img+to_auto/www.wilsonsmedia.com/wp-content/uploads/2024/06/security-bug-could-have-allowed-anyone-to-spoof-microsoft-employee-emails.jpg)
![](https://cdn.shortpixel.ai/spai/q_lossy+ret_img+to_auto/i0.wp.com/cdn.mos.cms.futurecdn.net/fM8xCxm5Z8RmL2yHGbveFZ-1200-80.jpg?w=640&ssl=1)
Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails.
A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling screenshot that appeared to show an email seemingly coming from the [email protected] email address.
In the post, Slonser said that after tipping off Microsoft about the vulnerability, the company came back saying it couldn’t reproduce it. In other words – it didn’t find it relevant. The researcher then shared “a video with the exploitation, a full PoC” to which Microsoft, yet again, responded by saying it was unable to reproduce the flaw.
Large attack surface
“At this point, I decided to stop the communication with Microsoft,” Slonser said, and just posted his findings on the internet.
His post “blew up”, raking in more than 118,000 views at press time. The researcher later suggested to TechCrunch that Microsoft may have had a change of heart: “Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”
The vulnerability apparently only works on Outlook accounts, which are still some 400 million users. So, the attack surface is fairly large. By spoofing major brands such as Microsoft, threat actors could create convincing and highly dangerous phishing emails, so the threat coming from this vulnerability is real.
However, it is currently unknown if Slonser was the first one to find it, or if someone else already discovered it and abused it in attacks.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Microsoft has recently been put on a pillar of shame, after a series of security mishaps which resulted in Chinese threat actors reading emails belonging to high ranking US government employees. As a result, Microsoft announced a full overhaul of its security practices, and claimed to have placed cybersecurity “above all else”.
Via TechCrunch
More from TechRadar Pro
Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling screenshot that appeared to show an email seemingly coming from…
Recent Posts
- DJI expands into e-bikes and drive systems
- Large language model evaluation: The better together approach
- NASCAR is coming to Fortnite, starting with the release of a Chicago street course map
- Netflix has started removing its cheapest ad-free plans – leaving many with a tricky decision
- Xbox Live is back after an outage lasting several hours
Archives
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011