
Researcher Publicly Discloses Email Spoofing Bug

Microsoft dismisses vulnerability severity.


A vulnerability has been disclosed that would allow anyone to impersonate a Microsoft corporate email account.

Researcher Vsevolod Kokorin, known online as Slonser, disclosed the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. 

Talking to TechCrunch, Kokorin said the bug only works when sending the email to Outlook accounts - a potential pool of 400 million users globally.

The bug had not been patched at the time of publishing, but to demonstrate its potential, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft’s account security team.


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
