A recent finding by cybersecurity expert Vsevolod Kokorin, known online as Slonser, has revealed a significant vulnerability allowing malicious actors to spoof Microsoft corporate emails.
Slonser shared a screenshot on X, illustrating an email that seemed to originate from security@microsoft.com. Despite alerting Microsoft to this issue, the company initially failed to replicate the vulnerability and dismissed it as irrelevant. Slonser then provided a detailed video demonstration and a proof-of-concept, yet Microsoft still couldn’t reproduce the flaw.
Extensive Attack Surface
Frustrated by Microsoft’s response, Slonser decided to publicly disclose his findings online. His post gained substantial attention, amassing over 118,000 views. Subsequently, Microsoft reopened one of Slonser’s previously submitted reports.
This vulnerability, affecting Outlook accounts, impacts approximately 400 million users. Spoofing emails from trusted brands like Microsoft could enable highly convincing phishing attacks, posing a significant security threat.
Unclear Origins and Microsoft’s Response
It remains uncertain whether Slonser was the first to discover this flaw or if it had already been exploited by others. This revelation comes on the heels of a series of security breaches involving Chinese threat actors accessing emails of high-ranking US officials. In response, Microsoft has announced a comprehensive overhaul of its security practices, prioritizing cybersecurity above all else.
