Summary: A security researcher discovered a bug that allows anyone to impersonate Microsoft corporate email accounts, potentially enabling phishing attacks.
Threat Actor: N/A
Victim: Microsoft
Key Point:
- A bug was discovered that allows anyone to impersonate Microsoft corporate email accounts, putting users at risk of falling for phishing attacks.
- The bug was reported to Microsoft, but the company was unable to reproduce the findings.
- The researcher disclosed the flaw to TechCrunch to raise awareness about the vulnerability.
- Technical details of the bug were not disclosed to prevent malicious hackers from exploiting it.
The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks.
The researchers demonstrated the bug exploitation to TechCrunch, Kokorin told TechCrunch that he reported the bug to Microsoft, but the company replied that it couldn’t reproduce his findings. Then Kokorin disclosed the flaw on X.
The researcher explained that the vulnerability works when an attacker sends an email to Outlook accounts.
“Kokorin said he last followed up with Microsoft on June 15. Microsoft did not respond to TechCrunch’s request for comment on Tuesday.” reported TechCrunch. “TechCrunch is not divulging technical details of the bug in order to prevent malicious hackers from exploiting it.”
Kokorin expressed surprise at the reaction to his report, he pointed out that he was only offering assistance to Microsoft.
At this time the issue has yet to be addressed, and it is unclear if any threat actors have already exploited it in attacks in the wild.
We will continue to follow the evolution of this case.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, spoofing)
Source: https://securityaffairs.com/164675/hacking/expert-warns-of-a-spoofing-bug.html
“An interesting youtube video that may be related to the article above”