Security bug allows anyone to spoof Microsoft employee emails

  • Vsevolod Kokorin (also known as Slonser online) disclosed an email spoofing vulnerability he discovered on X (formerly Twitter) and reported the issue to Microsoft.
  • Microsoft has experienced several security problems in recent years, prompting investigations by both federal regulators and congressional lawmakers.

The incident sparked a discussion about vulnerability disclosure and technical details made public. The technical community often has different positions on the disclosure of security vulnerabilities, either by reporting the issue to the vendor to facilitate a fix, and by avoiding disclosing enough details to prevent hackers from exploiting it. In this case, Kokorin’s approach not only increases the transparency of vulnerability disclosure, but also protects users and enterprises from potential threats.

–Revel Cheng, BTW reporter

A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets.

What happened

Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.

“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin said. “Microsoft might have noticed my tweet because a few hours ago they reopen one of my reports that I had submitted several months ago.”

While the threat of this bug, at this point, is unknown, Microsoft has experienced several security problems in recent years, prompting investigations by both federal regulators and congressional lawmakers.

Last week, Microsoft president Brad Smith testified in a House hearing after China stole a tranche of U.S. federal government emails from Microsoft’s servers in 2023. In the hearing, Smith pledged a renewed effort to prioritize cybersecurity in the company after a slew of security embarrassments.

Also read: Microsoft invests in $7B data centre in Spain

Also read: Apple surpasses Microsoft to become world’s most valuable company

Why it’s important

The vulnerability reportedly affects Outlook accounts, which still have some 400 million users. So, the attack surface is fairly large. By spoofing major brands such as Microsoft, threat actors could create convincing and highly dangerous phishing emails, so the threat coming from this vulnerability is real.

However, it is currently unknown if Slonser was the first one to find it, or if someone else already discovered it and abused it in attacks.

Microsoft has recently faced criticism after a series of security mishaps that allowed Chinese threat actors to access emails belonging to high-ranking US government employees. As a result, Microsoft announced a full overhaul of its security practices, and claimed to have placed cybersecurity “above all else”.

The incident not only damaged Microsoft’s reputation, but also raised deeper concerns about data security in the public and corporate sectors.


Revel Cheng

Revel Cheng is an intern news reporter at Blue Tech Wave specialising in Fintech and Blockchain. She graduated from Nanning Normal University. Send tips to

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *