New Security Flaw Enables Access to Microsoft Corporate Email Accounts

Home/Compromised, Exploitation, Microsoft, Security Advisory, Security Update/New Security Flaw Enables Access to Microsoft Corporate Email Accounts

New Security Flaw Enables Access to Microsoft Corporate Email Accounts

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft.

Kokorin revealed the issue on X (formerly Twitter) after Microsoft dismissed his report. To prove the flaw, Kokorin sent an email to TechCrunch that seemed to come from Microsoft’s account security team.

The bug targets Outlook accounts, affecting at least 400 million users globally, according to Microsoft’s latest earnings report. Kokorin expressed frustration with Microsoft’s response, saying, “They claimed they couldn’t reproduce it without details. However, after my tweet, they reopened an old report I submitted months ago.”

Kokorin refrained from sharing technical details that could facilitate exploitation. This vulnerability poses significant risks, enabling attackers to send phishing emails that appear to be from legitimate Microsoft accounts, thus increasing their credibility and potential impact.

This issue compounds Microsoft’s recent security challenges, including breaches by state-sponsored hackers from China and Russia.

In response, Microsoft President Brad Smith testified before the House Homeland Security Committee, committing to prioritize cybersecurity and address the company’s security flaws.

This commitment comes in the wake of several notable breaches, such as the theft of U.S. federal government emails by Chinese hackers and the compromise of Microsoft corporate email accounts by Russian hackers.

As of now, it’s uncertain if anyone other than Kokorin has exploited the bug. Microsoft has yet to comment on the matter, and the vulnerability poses a considerable risk to Outlook users globally.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2024-06-25T05:38:36+05:30 June 21st, 2024|Compromised, Exploitation, Microsoft, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!