If you have an email account on Outlook, you may be vulnerable to a security flaw that cybercriminals could exploit to deceive you using techniques like phishing.
A security researcher has discovered a flaw in the Outlook system that could allow any infiltrator to impersonate accounts of Microsoft users.
This way, more than 400 million users using the Outlook service are currently at risk.
The flaw was discovered by security researcher SolidLab Vsevolod Kokorin, who initially notified on XSS, the old Twitter site, alerting users.
Unfortunately, Microsoft initially rejected his report. Fortunately, Microsoft later acknowledged the issue and is working on a solution.
I want to share my recent case:
> I found a vulnerability that allows sending a message from any user@domain
> We cannot reproduce it
> I send a video with the exploitation, a full PoC
> We cannot reproduce it
At this point, I decided to stop the communication with Microsoft. pic.twitter.com/mJDoHTn9Xv— slonser (@slonser_) June 14, 2024
– What is this Outlook error and how can you protect yourself
Using this flaw, any infiltrator can impersonate an official Microsoft account when sending an email to another Outlook user.
This is extremely dangerous as it could enhance phishing attacks by infiltrators. They can use this flaw to impersonate Microsoft accounts to send links or malicious files containing malware.
Therefore, until the flaw is resolved, you should be cautious of any emails purportedly sent from Microsoft itself as they may be from infiltrators.
