- Security Threat: 400 million Outlook users at risk due to email spoofing vulnerability
- Research Findings: SolidLab’s Vsevolod Kokorin demonstrated spoofing Microsoft’s security email
- Microsoft’s Response: Initially ignored, now re-investigating following public disclosure
An urgent warning has been issued to all 400 million Outlook users after the discovery of a problem that allows email spoofing.
A security researcher from SolidLab released his findings on X, indicating that the vulnerability allows anyone to mimic accounts, which lets bad actors send malicious emails to other users.
Vsevolod Kokorin demonstrated how he could spoof Microsoft’s security email account.
The expert has encouraged all Outlook users to exercise caution when opening new emails, particularly when clicking on unusual links.
Outlook is one of the world’s most popular email services, accounting for over 40% of the email management industry.
However, Microsoft is the most widely utilised service in business.
Kokorin told TechCrunch that he had disclosed the problem to Microsoft months after discovering it, but the corporation had ignored his findings.
Microsoft informed the security expert that it could not duplicate his results.
Kokorin sent the corporation a demonstration video of how the hack was carried out and made his discoveries public on X.
‘Microsoft simply said they couldn’t duplicate it without providing any data,’ Kokorin told TechCrunch. ‘Microsoft may have seen my tweet a few hours ago, and they reopened [sic] one of my reports I sent several months ago.’
TechCrunch claimed to have received a phoney email from Kokorin that confirmed the bug’s existence.
DailyMail.com contacted Microsoft for comment.
However, Kokorin stated that he had previously brought other vulnerabilities he discovered to Microsoft, and the business was responsive.
Kokorin has declined to divulge how to exploit the issue, which only works when transferring emails from one Outlook account to another.
The vulnerability arises barely two months after Microsoft CEO Satya Nadella vowed a considerable makeover to ensure security remains the company’s top priority.
In an internal memo acquired by The Verge, Nadella explained that security was now Microsoft’s ‘top priority.’
‘If you have to choose between security and another priority, the answer is clear: do security,’ Nadella wrote.
In some circumstances, this will entail putting security ahead of other things we do, including introducing new features or maintaining continued support for legacy systems.
However, Microsoft has yet to make a public notification about the problem discovered by Kokorin.