A new Microsoft security exploit has been found, allowing basically anyone to impersonate Microsoft corporate email accounts, TechCrunch reported.
First discovered by security researcher Vsevolod Kokorin last week, the Microsoft bug allows people to send emails to other Outlook accounts that appear to come from existing email addresses.
In a post on X (formerly Twitter), Kokorin showed how the bug even allows users to impersonate the Microsoft Security team, highlighting its potential risk for phishing attacks.
Microsoft Outlook supports at least 400 million active users worldwide.
As of writing, the bug is reportedly still present, although Microsoft seems to have already taken notice of Kokorin's X post.
Reports of a new Microsoft security vulnerability came just weeks after cybersecurity firm Kaspersky noted a Windows 10 exploit that could allow hackers to transfer malware into computers undetected.
Microsoft Faces Growing Security Scrutiny
The discovery of the new email-spoofing exploit came at a critical period for Microsoft as more security concerns mounted against the tech giant.
Just last week, Microsoft testified before the Senate following two separate major data breaches reported within 12 months, including a suspected China-led hack that leaked government data.
Both of the reported incidents involved the compromise of one of Microsoft's employee accounts, which led to the hackers accessing important company data and source code.
A scathing report from the Cyber Safety Review Board later criticized Microsoft for its "inadequate" security culture over an intrusion that it described as "preventable and should never have occurred."
Microsoft has since vowed to make safety measures its "No. 1 priority," but not before being scrutinized for its hack-prone AI-powered "Recall" feature in the upcoming Copilot+ PCs update.
Becoming Alert Against Phishing Attacks
With the rise of phishing and scamming schemes online, it is important to remain alert to bogus accounts impersonating legitimate businesses and officials.
One key giveaway of a scam is that scammers often urge their victims to provide payment immediately to resolve a service or account issue.
To counter this strategy, always double-check with official customer support centers before sending any money online.