A cybersecurity researcher, Vsevolod Kokorin, discovered a bug that enables anyone to impersonate Microsoft corporate email accounts, significantly increasing the credibility of phishing attempts. Kokorin demonstrated this flaw by sending a convincing email to TechCrunch that appeared to come from Microsoft’s account security team. Although he reported the issue to Microsoft, the company initially dismissed his findings, leading Kokorin to reveal the bug on social media without providing technical details that would help others exploit it.
Kokorin’s discovery highlights a significant security risk, particularly for Outlook users, a group comprising at least 400 million individuals globally. The bug has not yet been patched, and Microsoft’s inability to reproduce the issue has left many users vulnerable. Kokorin’s frustration with Microsoft’s response prompted him to publicize the bug, hoping to draw attention to the need for better cooperation between companies and independent researchers.
This incident is part of a broader pattern of security challenges for Microsoft, which has faced multiple breaches in recent years. High-profile cases include the theft of U.S. federal government emails by Chinese hackers and the infiltration of corporate email accounts by a Russian-linked hacking group. These incidents have led to increased scrutiny from federal regulators and congressional lawmakers, pressing Microsoft to strengthen its cybersecurity measures.
Microsoft’s recent security lapses, including failing to address critical vulnerabilities, have prompted pledges from company leadership to prioritize cybersecurity. During a recent House hearing, Microsoft president Brad Smith committed to improving the company’s security posture following several high-profile breaches. Kokorin’s discovery underscores the ongoing challenges Microsoft faces in securing its vast user base and the importance of collaboration with the cybersecurity community.