Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Bug allows threat actors to mimic legitimate Microsoft emails

A bug allowing threat actors to send a message from what appears to be a legitimate Microsoft employee email has been discovered by a security researcher.

user icon Daniel Croft
Wed, 19 Jun 2024
Bug allows threat actors to mimic legitimate Microsoft emails
expand image

Vsevolod Kokorin, better known as Slonser online, notified Microsoft of the bug upon discovery. However, unable to recreate the bug, the tech giant dismissed the issue.

In response, Slonser then shared the bug online, withholding details that would allow users to exploit it.

While details of the bug have been intentionally kept quiet, Slonser said the bug only affects Outlook account holders, of which there are 400 million, making Outlook the largest rival for Gmail, which has 1.8 billion users.

The bug appears to allow those who exploit it to send an email that at least appears to be from a legitimate address, making it a dangerous phishing tool for scammers and threat actors.

To prove the bug, Slonser sent a demonstration email to TechCrunch impersonating Microsoft’s account security team.

In an online chat with TechCrunch, Slonser said that making the bug public seems to have piqued Microsoft’s interest once again as the company revisited the issue.

“Microsoft just said they couldn’t reproduce it without providing any details,” Solnser told TechCrunch.

“Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.