Bug Allows Impersonation of Microsoft Email Accounts, Making Phishing Attempts More Convincing

Bug Allows Impersonation of Microsoft Email Accounts, Raises Concerns about Security

A researcher named Vsevolod Kokorin, also known as Slonser, recently discovered a bug that enables anyone to impersonate Microsoft corporate email accounts. This bug makes phishing attempts look highly credible and more likely to deceive their targets. As of now, the bug has not been patched, leaving users vulnerable to potential attacks.

Kokorin initially reported the bug to Microsoft, but the company dismissed his report, claiming it couldn’t reproduce his findings. This led Kokorin to publicize the bug on a social media platform, without providing specific technical details that could be exploited by malicious hackers. Frustrated by Microsoft’s response, Kokorin expressed his disappointment, emphasizing the importance of companies not ignoring researchers and being more receptive to their help.

The bug discovered by Kokorin specifically works when emails are sent to Outlook accounts. This poses a significant threat as there are at least 400 million Outlook users worldwide, according to Microsoft’s latest earnings report. Although the exact level of risk remains unknown, it is crucial for Microsoft to address this issue promptly to ensure the security and trust of its users.

Microsoft’s track record with security issues raises concerns about the potential impact of this bug. The company has faced multiple security problems in recent years, attracting the attention of federal regulators and lawmakers. In 2023, China stole a considerable number of U.S. federal government emails from Microsoft’s servers. This incident led Microsoft president Brad Smith to testify in a House hearing, pledging a renewed effort to prioritize cybersecurity within the company.

Furthermore, a Russian government-linked hacking group successfully broke into Microsoft corporate email accounts in January. They stole sensitive information regarding what the company’s top executives knew about the hackers themselves. Additionally, ProPublica recently revealed that Microsoft had ignored warnings about a critical flaw that was later exploited in a Russian-backed cyber espionage campaign targeting SolarWinds, a prominent tech company.

Given these significant security incidents and the potential impact of the bug discovered by Kokorin, it is crucial for Microsoft to take immediate action to address this vulnerability. Timely patching and improved communication with researchers will help enhance Microsoft’s overall security posture and protect its vast user base from potential cybersecurity threats.
