A group of cybersecurity researchers has recently revealed details about four security vulnerabilities discovered within Microsoft Teams. These flaws were significant because they could have exposed users to severe impersonation and social engineering attacks, compromising the integrity of communications within the platform. The firm that uncovered the issues stated that the vulnerabilities specifically “allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications.”
After the issues were responsibly disclosed in March 2024, Microsoft began addressing them. Some of the problems were initially resolved in August 2024 and tracked under the identifier CVE-2024-38197. Subsequent patches were then rolled out in both September 2024 and October 2025 to fully mitigate the risks across the platform.
In essence, these security gaps made it possible for an attacker to alter the content of a message without triggering the standard “Edited” label, and to completely change the sender’s identity. The vulnerabilities also allowed manipulation of incoming notifications to change the apparent sender. This technique enables a malicious actor to trick victims into opening harmful messages by making them appear to come from a highly trusted source, such as a C-suite executive. The attack, which can be executed by both external guests and internal malicious users, poses a grave risk by undermining security boundaries and potentially leading targets to perform unintended actions, like clicking malicious links or sharing sensitive data.
Furthermore, the flaws allowed attackers to change display names in private chat conversations by modifying the conversation topic. The vulnerability also extended to call notifications and active calls, making it possible to arbitrarily modify display names and effectively forge caller identities during a call. The discovering company emphasized, “Together, these vulnerabilities show how attackers can erode the fundamental trust that makes collaboration workspace tools effective, turning Teams from a business enabler into a vector for deception.” Microsoft officially described the main issue, CVE-2024-38197 (CVSS score: 6.5), as a medium-severity spoofing issue impacting Teams for iOS.
These findings highlight a growing trend where malicious actors are increasingly abusing Microsoft’s enterprise communication platform. Attackers are now using Teams for various purposes, including persuading targets to grant remote access or execute malicious code, often under the guise of support personnel. In an advisory, Microsoft acknowledged that the platform’s “extensive collaboration features and global adoption… make it a high-value target for both cybercriminals and state-sponsored actors.” The company stressed that its chat, calls, meetings, and screen-sharing features are all being weaponized at different stages of the attack chain. A security researcher noted that these vulnerabilities “hit at the heart of digital trust,” arguing that platforms like Teams are now “as critical as email and just as exposed.”
Reference:
