An urgent warning has been issued to all 400 million Outlook users after a bug was uncovered that enables email spoofing.
A security researcher at SolidLab shared his findings on X, revealing the vulnerability lets anyone impersonate accounts – allowing bad actors to send malicious emails to other users.
Vsevolod Kokorin provided a demonstration that showed he was able to spoof Microsoft’s security email account.
The expert has advised all Outlook users to be wary when opening new emails, and specifically to avoid clicking on strange links.
Outlook is one of the most widely used email services worldwide, holding more than 40 percent of the email management market.
The Microsoft service is also the most commonly used for business.
Kokorin told TechCrunch that he reported the flaw to Microsoft shortly after uncovering it months ago, but said the company disregarded his findings.
Microsoft allegedly told the security expert that it could not replicate his findings.
The response led to Kokorin sending a demonstration video to the company showing how the attack was carried out and making his discovery public on X.
‘Microsoft just said they couldn’t reproduce it without providing any details,’ Kokorin told TechCrunch. ‘Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.’
TechCrunch claimed to have received a spoof email from Kokorin, confirming the bug exists.
DailyMail.com has contacted Microsoft for comment.
However, Kokorin noted that he has previously sent other issues he found to Microsoft and the company was receptive.
Kokorin has refused to reveal how the flaw can be exploited, but it only works when sending emails from one Outlook account to another.
The issue comes just two months after Microsoft CEO Satya Nadella announced a massive overhaul to ensure security is the company’s main focus.
In an internal memo, obtained by The Verge, Nadella shared how security was now Microsoft’s ‘top priority.’
‘If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,’ Nadella wrote.
‘In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.’
However, Microsoft has yet to make a formal announcement regarding the bug found by Kokorin.
***
Read more at DailyMail.co.uk