Security bug may allow anyone to spoof Microsoft employee emails

Share post:

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts, making phishing attempts appear more credible and likely to deceive their targets. As of now, the bug remains unpatched.

Vsevolod Kokorin, also known online as Slonser, identified the email-spoofing bug and reported it to Microsoft. However, the company initially dismissed his report, claiming they couldn’t reproduce his findings. Frustrated by the response, Kokorin publicized the bug on X (formerly Twitter), although he refrained from sharing technical details to prevent misuse.

To demonstrate the bug, Kokorin sent an email that appeared to come from Microsoft’s account security team. He explained that the bug works specifically with Outlook accounts, impacting at least 400 million users worldwide, based on Microsoft’s latest earnings report.

“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin told TechCrunch in an online chat. He added that Microsoft might have noticed his tweet because they reopened one of his reports a few hours later.

Kokorin clarified his motivations in his X post: “Many people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.”

The extent of the threat posed by this bug is currently unknown. It remains unclear if others have discovered or exploited the vulnerability. Microsoft has faced several security issues in recent years, leading to federal investigations and congressional scrutiny.




Related articles

Amazon reviews losing trust as number of fake reviews are uncovered

Amazon's customer review system, once trusted for its verified buyer opinions, is increasingly under scrutiny as more and...

Apple Vision Pro U.S. sales plummet

Apple's Vision Pro headset, priced at $3,500, is experiencing a significant drop in U.S. sales. Market analysts report...

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways