Researcher Publicly Discloses Email Spoofing Bug

share
Header image

Researcher Publicly Discloses Email Spoofing Bug

share

Microsoft dismiss vulnerability severity.


A vulnerability has been disclosed that would allow anyone to impersonate a Microsoft corporate email account.

Researcher Vsevolod Kokorin, known online as Slonser, disclosed the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. 

Talking to TechCrunch, Kokorin said the bug only works when sending the email to Outlook accounts - a potential pool of 400 million users globally.

The bug had not been patched at the time of publishing, but to demonstrate its potential, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft’s account security team.


Written by
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Vulnerabilities and Flaws Published: 21 June Written by
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Related content

ESET Aware of Malicious Email Campaign, Stresses It Was Not Compromised

ESET Aware of Malicious Email Campaign, Stresses It Was Not Compromised

 'Long Lived' Cloud Credentials Still Being Used

'Long Lived' Cloud Credentials Still Being Used

 Anonymous Sudan Dismantled in FBI-Led Takedown

Anonymous Sudan Dismantled in FBI-Led Takedown
Exploited Vulnerabilities Were Mostly Zero-Days

Exploited Vulnerabilities Were Mostly Zero-Days

 Largest Publicly Disclosed DDoS Attack Mitigated

Largest Publicly Disclosed DDoS Attack Mitigated

 CISOs Increasingly Move to Use SASE Technology

CISOs Increasingly Move to Use SASE Technology
North Korea Most Noted Sender of Targeted Malware

North Korea Most Noted Sender of Targeted Malware

Upcoming Events

24
Oct
Webinar

Securing Data in the Cloud: Advanced Strategies for Cloud Application Security

Discussing the current trends in cloud security, focusing on the challenges of hybrid environments

In this live webinar, join security specialists from OPSWAT to discuss the current trends in cloud security, focusing on the challenges of hybrid environments, including diminished visibility and weakened threat detection.

image image image
Find out more chevron_right