Cybersecurity researchers revealed four critical security flaws in Microsoft Teams that expose users to serious impersonation and social engineering attacks.
According to Check Point, the vulnerabilities “allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,”.
After the responsible disclosure in March 2024, Microsoft addressed several of the issues in August 2024 under CVE-2024-38197 and released additional patches in September 2024 and October 2025.
In essence, these shortcomings enable attackers to alter message content without displaying the “Edited” label or revealing the sender’s true identity. They also allow modifications to incoming notifications to change the apparent sender, tricking victims into opening malicious messages disguised as communications from trusted individuals, including high-profile C-suite executives.
Moreover, the attack targets both external guest users and internal malicious actors. It creates severe risks by undermining security boundaries and prompting victims to take unintended actions—such as clicking on malicious links or sharing sensitive data.
Additionally, the flaws let attackers modify display names in private chats by changing the conversation topic. They also enable arbitrary alterations of display names in call notifications and during active calls, which helps attackers forge caller identities.
“Together, these vulnerabilities show how attackers can erode the fundamental trust that makes collaboration workspace tools effective, turning Teams from a business enabler into a vector for deception,” the cybersecurity company explained.
Microsoft classifies CVE-2024-38197 (CVSS score: 6.5) as a medium-severity spoofing issue in Teams for iOS. The flaw lets attackers change a sender’s name in Teams messages, potentially Tricking recipients into Revealing sensitive data through social engineering ploys.
These findings emerge as threat actors increasingly abuse Microsoft’s enterprise communication platform to approach targets and convince them to grant remote access or execute Malicious Payloads Disguised as support tasks.
In an Advisory released last month, Microsoft Emphasized that the “extensive collaboration features and global adoption of Microsoft Teams make it a High-value target for both Cybercriminals and State-sponsored actors.” The company also noted that its chat, call, meeting, and Video-sharing features serve as attack vectors at various stages of the threat chain.
“These vulnerabilities hit at the heart of digital trust,” said Oded Vanunu, head of product vulnerability research at Check Point. “Collaboration platforms like Teams are now as critical as email and just as exposed.”
He further added, “Our research shows that threat actors don’t need to break in anymore; they just need to bend trust. Organizations must now secure what people believe, not just what systems process. Seeing isn’t believing anymore, verification is.”
Source: TheHackerNews
Read more at Impreza News
