A bug has been discovered that allows anyone to send emails pretending to be a Microsoft employee



A bug has been discovered in Microsoft's email client, Outlook, that could allow anyone to send emails pretending to be from a Microsoft employee.




Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/

Vsevolod Kokorin, a security researcher at SolidLab, posted on X (formerly Twitter) that he had discovered a vulnerability that allowed messages to be sent from any user domain. As a demonstration, Kokorin published an email that appears to have been sent from Microsoft Security, Microsoft's security division.



According to Kokorin, the bug only occurs when sending emails to Outlook accounts, but Microsoft reports that the number of Outlook users is 'approximately 400 million worldwide,' raising concerns that the bug could affect a wide range of users.

For this reason, Kokorin has not revealed any technical details about the bug, citing the need to 'prevent malicious hackers from exploiting this bug.'




Kokorin reported the bug to Microsoft, but Microsoft dismissed the report, saying that it could not reproduce the issue. Kokorin then posted about the bug on X. Kokorin criticized Microsoft's stance, saying, 'When I reported a similar problem to Google, the problem was resolved immediately and not ignored.'




Kokorin later said, 'Microsoft seems to have noticed my post and has contacted me to say that they have resumed testing on this bug.'

'I didn't expect my small X account to get so many responses,' Kokorin said. 'I didn't post about this bug to get money.' Speaking to TechCrunch, an overseas media outlet, he also appealed for companies not to look down on researchers and to be friendlier in supporting them.


in Software, Security, Posted by log1r_ut