Urgent warning to all 400 million Outlook users after new email bug is discovered: here’s how to protect yourself
An urgent warning has been issued to all 400 million Outlook users after a bug was discovered that enables email spoofing.
A security researcher at SolidLab shared his findings on X, revealing that the vulnerability allows anyone to spoof accounts, letting malicious actors send harmful emails that appear to come from other users.
Vsevolod Kokorin gave a demonstration showing that he could spoof Microsoft’s security email account.
The expert has advised all Outlook users to be wary when opening new emails and especially not to click on strange links.
Outlook is one of the most widely used email services in the world and has a market share of more than 40 percent in the email management market.
However, the Microsoft service is most commonly used by businesses.
Kokorin told TechCrunch that he reported the flaw to Microsoft shortly after discovering it months ago, but said the company ignored his findings.
Microsoft reportedly told the security expert that it could not replicate his findings.
That response led Kokorin to send the company a demonstration video showing how the attack was carried out and to make his discovery public on X.
“Microsoft just said they couldn’t reproduce it without providing details,” Kokorin told TechCrunch. “Microsoft may have noticed my tweet because a few hours ago they reopened one of my reports that I submitted several months ago.”
TechCrunch claimed to have received a fake email from Kokorin confirming the bug exists.
DailyMail.com has contacted Microsoft for comment.
However, Kokorin noted that he had previously sent other issues he found to Microsoft and the company was receptive.
Kokorin has declined to reveal how the flaw can be exploited, but it only works when sending emails from one Outlook account to another.
The issue comes just two months after Microsoft CEO Satya Nadella announced a major overhaul to ensure security is the company’s main focus.
In an internal memo obtained by The Verge, Nadella said security is now Microsoft’s “top priority.”
“When faced with the trade-off between security and another priority, your answer is clear: do security,” Nadella wrote.
“In some cases, this means prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems.”
However, Microsoft has not yet made a formal announcement about the bug found by Kokorin.