Microsoft Ignored Outlook Email Glitch: Security Expert
Expert says he found potential to impersonate Microsoft corporate emails
Bug affects Outlook users emailing other Outlook users
Says Microsoft is now ‘acknowledging’ the issue
Updated: Jun 22, 2024 / 10:24 PM CDT
A security expert revealed that after initially dismissing his warning about a bug in its Outlook email app, Microsoft has now "acknowledged the issue."
Discovery of the Glitch
Vsevolod Kokorin, a security specialist, discovered a glitch that could allow someone to impersonate official Microsoft accounts in certain conditions. He shared his warning on X after saying that Outlook technicians told him they couldn't reproduce the issue.
The bug, according to Kokorin, allows someone using Outlook to send an email to another Outlook user, making it appear as if it comes from a Microsoft corporate account. 400 million people use Outlook accounts.
“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin told the website TechCrunch in an online chat.
Real-life Example of the Bug
Kokorin demonstrated the bug to TechCrunch by sending an email that read, "Hi! It’s Microsoft security team. We are scamming you!!!" with the sender address shown as "security@microsoft.com."
Kokorin mentioned he followed up with Microsoft on June 15 but received no response.
On June 18, he posted on X: "I am grateful to everyone who reposted this post and offered me words of support. At this point, they have acknowledged the issue."
Microsoft's Silence
Microsoft has not responded to requests for comments from numerous media organizations.
In summary, a security bug in Outlook that can potentially impersonate official Microsoft emails has raised significant concerns. Although initially dismissed, Microsoft has now acknowledged the issue following public pressure and demonstrations by the security expert.
