A security researcher has discovered a vulnerability in Microsoft’s infrastructure. The bug allows hackers to impersonate Microsoft corporate email accounts, which greatly increases the risk of phishing attacks.
Security researcher Vsevolod Kokorin discovered this loophole. He admitted that Microsoft hadn’t resolved this vulnerability.
Kokorin revealed the security issue on X (formerly Twitter) after the company dismissed his initial report. Microsoft claimed they couldn’t reproduce the issue.
The security expert demonstrated the vulnerability by sending an email to TechCrunch. The email appeared to be from Microsoft’s account security team.
The new bug affects emails sent to Outlook accounts. The email application has around 400 million users worldwide, according to Microsoft’s latest earnings report.
Microsoft’s lack of response has frustrated Kokorin. He expressed his disappointment at the company’s dismissal without providing any details. Kokorin said Microsoft had noticed his tweet. He said the company reopened one of his previous reports.
Kokorin hasn’t provided any technical details about the bug.
The new bug has serious implications. It reportedly allows threat actors to send phishing emails that appear to come from legitimate Microsoft corporate accounts. This makes the emails look more convincing and makes them more harmful.
The discovery adds to the recent security challenges Microsoft has faced, which include data breaches by state-sponsored hackers from China and Russia.
These security issues have resulted in Microsoft President Brad Smith testifying before Homeland. Smith promised the security committee that he would focus on cybersecurity. He also pledged to address the company’s security issues.