A security flaw could have allowed anyone to spoof Microsoft employee emails
Security researchers recently claimed to have found a flaw that allowed threat actors to spoof Microsoft business emails.
A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling screenshot that appeared to show an email that appeared to come from the security@microsoft.com e-mail address.
In the post, Slonser said that after the company tipped off Microsoft about the vulnerability, it backtracked and said it couldn’t reproduce it. In other words, it didn’t think it was relevant. The researcher then shared “a video showing the exploit, a full PoC” to which Microsoft again responded saying it could not reproduce the flaw.
Large attack surface
“At this point I decided to stop communicating with Microsoft,” Slonser said, and simply posted his findings online.
His post “blew up” and was viewed more than 118,000 times at the time of writing. The researcher suggested that later TechCrunch that Microsoft may have changed its mind: “Microsoft may have noticed my tweet because a few hours ago they reopened one of my reports that I submitted several months ago.”
The vulnerability apparently only works on Outlook accounts, which still have around 400 million users. So the attack surface is quite large. By spoofing major brands like Microsoft, threat actors can create convincing and highly dangerous phishing emails, so the threat posed by this vulnerability is real.
However, it is currently unknown whether Slonser was the first to find it, or if someone else had already discovered it and exploited it in attacks.
Microsoft has recently been placed in a shameful spot, following a series of security mishaps that led to Chinese threat actors reading emails from high-ranking US government officials. As a result, Microsoft announced a complete overhaul of its security practices, claiming to have placed cybersecurity “above all else.”
Through TechCrunch