Cybersecurity researchers have detailed four security flaws in Microsoft Teams that could expose users to serious impersonation and social engineering attacks.
Check Point said in a report shared with Hacker News that the vulnerability “allowed an attacker to manipulate conversations, impersonate co-workers, and exploit notifications.”
After responsible disclosure in March 2024, some issues were addressed by Microsoft in August 2024 under CVE CVE-2024-38197, with subsequent patches published in September 2024 and October 2025.
Simply put, these shortcomings make it possible to change the content of a message without leaving the “edited” label and sender ID, or to change the message’s apparent sender by changing the receipt. This allows attackers to trick victims into opening malicious messages by making them appear to come from trusted sources, including key executives.
This attack targets both external guest users and internal malicious actors and poses significant risks by compromising security boundaries and allowing potential targets to take unintended actions, such as clicking malicious links sent within messages or sharing sensitive data.
Additionally, this flaw allowed attackers to change the display name of a private chat conversation by changing the topic of the conversation, or arbitrarily change the display name used in call notifications and during calls, allowing an attacker to forge the identity of the caller in the process.
“Taken together, these vulnerabilities demonstrate how attackers can compromise the fundamental trust that makes collaborative workspace tools effective, turning Teams from a business enabler to a vector of deception,” the cybersecurity firm said.
Microsoft describes CVE-2024-38197 (CVSS score: 6.5) as a medium-severity impersonation issue affecting Teams for iOS. This could allow attackers to change the sender name of Teams messages and potentially leak sensitive information through social engineering tactics.
The findings come as attackers are exploiting Microsoft’s enterprise communications platform in a variety of ways, including gaining access to targets and posing as support personnel to grant remote access or persuade them to execute malicious payloads.
“Microsoft Teams’ extensive collaboration capabilities and global adoption make it a high-value target for both cybercriminals and state-sponsored actors,” Microsoft said in an advisory released last month, noting that its messaging (chat), calling, conferencing, and video-based screen sharing capabilities are weaponized at various stages of the attack chain.
“These vulnerabilities go to the heart of digital trust,” Oded Vanunu, head of product vulnerability research at Check Point, told Hacker News in a statement. “Collaboration platforms like Teams are now as important as email and just as important as being public.”
“Our research shows that attackers no longer need to penetrate; they only need to distort trust. Organizations now need to protect not just what their systems process, but what people believe. Seeing is no longer believing, but verifying.”
Source link
