A Serious Caution to All 400 million Outlook Following the Discovery of Email Issue

By Consultants Review Team Saturday, 22 June 2024

400 million Outlook users have all received an urgent warning after a flaw allowing email spoofing was discovered.

An X vulnerability was disclosed by a security researcher at SolidLab. This vulnerability permits account impersonation, which enables malevolent actors to send harmful emails to other users.

In a presentation, Vsevolod Kokorin proved that he could mimic the secure email account from Microsoft.

All Outlook users have been cautioned by the expert to use caution when opening new emails, especially when clicking on unfamiliar links.  With more than 40% of the market for email management, Outlook is one of the most popular email services in the world.

But when it comes to business, Microsoft is the most often utilized service.

When Kokorin discovered the bug months ago, he immediately reported it to Microsoft, but the corporation ignored his findings, he told TechCrunch. The security expert said that Microsoft informed him that it was unable to duplicate his results.

In reaction, Kokorin made his research available to the public on X and sent a demonstration film demonstrating the attack's methodology to the corporation.

Kokorin told TechCrunch, "Microsoft just said they couldn't reproduce it without providing any details." "It's possible that Microsoft saw my tweet because they reopened one of my reports that I submitted several months ago a few hours ago."

According to TechCrunch, Kokorin sent a counterfeit email attesting to the bug's existence.

Microsoft has been approached by DailyMail.com for comment.

Kokorin did point out that he had previously contacted Microsoft about other problems he had seen, and the corporation had responded well.

The attack, which only functions when transferring emails from one Outlook account to another, is not disclosed by KoKorin. The problem has arisen only two months after Microsoft CEO Satya Nadella declared a significant reorganization aimed at making security the company's top priority.

The Verge was able to get an internal message from Nadella in which he discussed how security was now Microsoft's "top priority. Your answer is clear: Do security if you have to choose between security and another priority," Nadella wrote.

"In certain situations, this will entail putting security ahead of other things we do, like introducing new features or continuing to support legacy systems." 

Microsoft hasn't officially announced anything about the flaw discovered by KoKorin yet, though.

Current Issue