{"id":105625,"date":"2024-06-18T17:46:52","date_gmt":"2024-06-18T17:46:52","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/06\/18\/security-bug-allows-anyone-to-spoof-microsoft-employee-emails-techcrunch\/"},"modified":"2024-06-18T17:46:52","modified_gmt":"2024-06-18T17:46:52","slug":"security-bug-allows-anyone-to-spoof-microsoft-employee-emails-techcrunch","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/06\/18\/security-bug-allows-anyone-to-spoof-microsoft-employee-emails-techcrunch\/","title":{"rendered":"Security bug allows anyone to spoof Microsoft employee emails | TechCrunch"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft\u2019s account security team.<\/p>\n<p class=\"wp-block-paragraph\">Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn\u2019t reproduce his findings. 
This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.\u00a0<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">I want to share my recent case:<br \/>&gt; I found a vulnerability that allows sending a message from any user@domain<br \/>&gt; We cannot reproduce it <br \/>&gt; I send a video with the exploitation, a full PoC <br \/>&gt; We cannot reproduce it<br \/>At this point, I decided to stop the communication with Microsoft. <a rel=\"nofollow\" href=\"https:\/\/t.co\/mJDoHTn9Xv\" target=\"_blank\">pic.twitter.com\/mJDoHTn9Xv<\/a><\/p>\n<p>\u2014 slonser (@slonser_) <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/slonser_\/status\/1801521692314927433?ref_src=twsrc%5Etfw\" target=\"_blank\">June 14, 2024<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p class=\"wp-block-paragraph\">\u201cMicrosoft just said they couldn\u2019t reproduce it without providing any details,\u201d Kokorin told TechCrunch in an online chat. \u201cMicrosoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The bug, according to Kokorin, only works when sending the email to Outlook accounts. Still, that is a pool of at least 400 million users all over the world, <a rel=\"nofollow noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/investor\/events\/fy-2024\/earnings-fy-2024-q2.aspx\" target=\"_blank\">according to Microsoft\u2019s latest earnings report<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Kokorin said he last followed up with Microsoft on June 15. 
Microsoft did not respond to TechCrunch\u2019s request for comment on Tuesday.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">TechCrunch is not divulging technical details of the bug in order to prevent malicious hackers from exploiting it.<\/p>\n<p class=\"wp-block-paragraph\">\u201cI did not expect my post to get such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad,\u201d Kokorin said. \u201cMany people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.\u201d<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not known if anyone other than Kokorin found the bug, or if it has been maliciously exploited.<\/p>\n<p class=\"wp-block-paragraph\">While the threat of this bug, at this point, is unknown, Microsoft has experienced several security problems in recent years, <a href=\"https:\/\/techcrunch.com\/2023\/08\/11\/cyber-security-review-board-microsoft-hack-government-emails\/\" target=\"_blank\" rel=\"noopener\">prompting investigations by both federal regulators<\/a> and <a rel=\"nofollow noopener\" href=\"https:\/\/homeland.house.gov\/2024\/06\/17\/icymi-microsoft-president-testifies-on-past-security-failures-accountability-measures-in-wake-of-chinese-hack-of-government-accounts\/\" target=\"_blank\">congressional lawmakers<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Last week, Microsoft president Brad Smith <a rel=\"nofollow noopener\" href=\"https:\/\/www.nbcnews.com\/politics\/national-security\/microsoft-vows-fix-security-gaps-china-hackers-government-emails-rcna156995\" target=\"_blank\">testified in a House hearing<\/a> after China <a href=\"https:\/\/techcrunch.com\/2023\/09\/08\/microsoft-hacker-china-government-storm-0558\/\" target=\"_blank\" rel=\"noopener\">stole a tranche of U.S. federal government emails<\/a> from Microsoft\u2019s servers in 2023. 
In the hearing, Smith pledged a renewed effort to prioritize cybersecurity in the company after a slew of security embarrassments.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Months earlier in January, Microsoft confirmed that a Russian government-linked hacking group <a href=\"https:\/\/techcrunch.com\/2024\/01\/19\/hackers-breached-microsoft-to-find-out-what-microsoft-knows-about-them\/\" target=\"_blank\" rel=\"noopener\">had broken into Microsoft corporate email accounts<\/a> to steal information about what the company\u2019s top executives knew about the hackers themselves. And last week, <a rel=\"nofollow noopener\" href=\"https:\/\/www.propublica.org\/article\/microsoft-solarwinds-golden-saml-data-breach-russian-hackers\" target=\"_blank\">ProPublica revealed<\/a> that Microsoft had failed to heed warnings about a critical flaw that was later exploited in the Russian-backed cyber espionage campaign that targeted tech company SolarWinds.<\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2024\/06\/18\/security-bug-allows-anyone-to-spoof-microsoft-employee-emails\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets.\u00a0 As of this writing, the bug has not been patched. 
To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":105626,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-105625","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/105625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=105625"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/105625\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/105626"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=105625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=105625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=105625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}