More than 400 million Outlook users are at risk worldwide. A serious vulnerability in this Microsoft email service is allowing cybercriminals to impersonate corporate identities, putting the security and privacy of users at risk.
The issue was initially discovered by Vsevolod Kokorin, a security researcher at SolidLab, who revealed that The vulnerability allows anyone to impersonate another email account on the platform.
Kokorin warned about this flaw through X, warning that users could be victims of phishing attacks, where criminals They use spoofed emails to trick recipients into opening malicious links or downloading infected files.
The researcher demonstrated the exploitation of this vulnerability by sending a simulated email from Microsoft’s account security team to TechCrunch, to show how an attacker could make a fraudulent email appear to come from a trusted source as if it were from the company.
Following the revelation, Microsoft initially dismissed the report, saying it could not reproduce the issue. This lack of action by the company raised additional concerns, as it meant that the vulnerability remained unaddressed, leaving millions of Outlook users potentially exposed to significant security risks.
In an interview with TechCrunch, Kokorin expressed frustration with the company’s initial response, mentioning that it was only after making the issue public that the company finally reopened its report and began working on a solution.
“I didn’t expect my post to provoke such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad. A lot of people misunderstood me and think I want money or something. “Actually, I just want companies to not ignore researchers and be more friendly when trying to help them,” the researcher said.
The specific bug allows hackers to send emails that appear to come from legitimate Microsoft addresses to other Outlook users. This means that criminals could exploit this vulnerability to send extremely convincing phishing emails, tricking recipients into revealing sensitive personal or corporate information, clicking on malicious links that could lead to fraudulent websites, or downloading files infected with malware.
The scope of this vulnerability is particularly concerning given that this platform is one of the most used email services worldwide, both in personal and business environments. Besides, The ease with which hackers can impersonate Microsoft corporate identities increases the risk of successful phishing attacks.
Following the public disclosure of the bug, the cybersecurity community has expressed concern and urged Outlook users to be extremely cautious when opening emails, especially those that appear to come from Microsoft or known corporate sources.
Users are advised to avoid clicking on suspicious links or downloading attachments from messages that appear unusual or unsolicited.
After public pressure and media coverage of the Kokorin discovery, Microsoft has recognized the seriousness of the problem and has announced that it is actively working on a solution to fix this vulnerability in Outlook.
However, until a full update is rolled out, users should remain vigilant and be aware of any suspicious communications or unusual behavior in their email accounts.
The best way to have security when using the service, is to keep automatic updates activated so that when a security patch is releasedthe application has the latest version.
