Security bug could have allowed anyone to spoof Microsoft employee emails

Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails.

A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling screenshot that appeared to show an email seemingly coming from the security@microsoft.com email address.

In the post, Slonser said that after tipping off Microsoft about the vulnerability, the company came back saying it couldn’t reproduce it. In other words – it didn’t find it relevant. The researcher then shared “a video with the exploitation, a full PoC” to which Microsoft, yet again, responded by saying it was unable to reproduce the flaw.

Large attack surface

“At this point, I decided to stop the communication with Microsoft,” Slonser said, and just posted his findings on the internet.

His post “blew up”, raking in more than 118,000 views at press time. The researcher later suggested to TechCrunch that Microsoft may have had a change of heart: “Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”

The vulnerability apparently only works on Outlook accounts, which are still some 400 million users. So, the attack surface is fairly large. By spoofing major brands such as Microsoft, threat actors could create convincing and highly dangerous phishing emails, so the threat coming from this vulnerability is real.

However, it is currently unknown if Slonser was the first one to find it, or if someone else already discovered it and abused it in attacks.

Microsoft has recently been put on a pillar of shame, after a series of security mishaps which resulted in Chinese threat actors reading emails belonging to high ranking US government employees. As a result, Microsoft announced a full overhaul of its security practices, and claimed to have placed cybersecurity “above all else”.

Via TechCrunch

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/fM8xCxm5Z8RmL2yHGbveFZ-1200-80.jpg

Source link

‘DDR5 retail prices pullback amid market correction’: TrendForce report sparks hope that we might be turning a corner in the RAM crisis

European Union wants to ban AI-created images and video in official messaging

I use these 5 simple ‘ChatGPT codes’ every day — and they instantly improve my results

10 wild things people are building with OpenClaw

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Taryn Manning on Attack Video, Denies It Was Girlfriend

What’s Up With Weird Celebrity Brand Names?

Reacher Season 4’s Perfect 2026 Release Plan Gets Derailed

HBO’s 25-Year-Old Fantasy Series Is Officially Taking Over the World

Exclusive-Fed’s Barkin: Households, firms still see oil shock through a "short-term lens"

Elon Musk’s coterie of companies are getting more and more pushback from Democrats

Piper Sandler sees bank stock buybacks as catalyst amid pullback

Steve Jobs didn’t actually become a billionaire thanks to leading Apple

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Security bug could have allowed anyone to spoof Microsoft employee emails

Taryn Manning on Attack Video, Denies It Was Girlfriend

Exclusive-Fed’s Barkin: Households, firms still see oil shock through a "short-term lens"

‘DDR5 retail prices pullback amid market correction’: TrendForce report sparks hope that we might be turning a corner in the RAM crisis

What’s Up With Weird Celebrity Brand Names?