An urgent warning has been issued to Outlook’s 400 million users after a bug that allows email spoofing was discovered.
A SolidLab security researcher shared his findings on X and revealed that the vulnerability allows anyone to impersonate accounts, allowing criminals to send malicious emails to other users.
Vsevolod Kokorin did a demonstration that showed he was able to spoof Microsoft’s security email account.
The expert has advised all Outlook users to be careful when opening new emails and, in particular, to avoid clicking on strange links.
Outlook is one of the most used email services worldwide and has more than 40 percent market share in the email management market.
Microsoft's service is, however, the most widely used among companies.
Kokorin told TechCrunch, which reported the story, that he reported the flaw to Microsoft shortly after discovering it months ago, but said the company ignored his findings.
Microsoft allegedly told the security expert that it could not replicate his findings.
The response led Kokorin to send a demo video to the company showing how the attack was carried out and to make his discovery public on X.
“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin told TechCrunch. “Microsoft may have noticed my tweet because a few hours ago they reopened (sic) one of my reports that I had sent several months ago.”
TechCrunch claimed to have received a fake email from Kokorin, confirming that the bug exists.
DailyMail.com has contacted Microsoft for comment.
However, Kokorin noted that he previously sent other problems he found to Microsoft and that the company was receptive.
Kokorin has declined to reveal how the flaw can be exploited, but said it only works when sending emails from one Outlook account to another.
The issue comes just two months after Microsoft CEO Satya Nadella announced a massive overhaul to ensure security is the company’s top focus.
In an internal memo, obtained by The Verge, Nadella shared how security was now Microsoft’s “top priority.”
“If you are faced with a trade-off between security and another priority, your answer is clear: deal with security,” Nadella wrote.
“In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
However, Microsoft has not yet made a formal announcement regarding the bug found by Kokorin.