Article Details

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed. Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March 2024, some of the issues were addressed by Microsoft in August 2024 under the CVE CVE-2024-38197, with subsequent patches rolled out in September 2024 and October 2025. In a nutshell, these shortcomings make it possible to alter message content without leaving the "Edited" label and sender identity and modify incoming notifications to change the apparent sender of the message, thereby allowing an attacker to trick victims into opening malicious messages by making them appear as if they are coming from a trusted source, including high-profile C-suite executives. The attack, which covers both external guest users and internal malicious actors, poses grave risks, as it undermines security boundaries and enables prospective targets to perform unintended actions, such as clicking on malicious links sent in the messages or sharing sensitive data. On top of that, the flaws also made it possible to change the display names in private chat conversations by modifying the conversation topic, as well as arbitrarily modify display names used in call notifications and during the call, permitting an attacker to forge caller identities in the process. "Together, these vulnerabilities show how attackers can erode the fundamental trust that makes collaboration workspace tools effective, turning Teams from a business enabler into a vector for deception," the cybersecurity company said. Microsoft has described CVE-2024-38197 (CVSS score: 6.5) as a medium-severity spoofing issue impacting Teams for iOS, which could allow an attacker to alter the sender's name of a Teams message and potentially trick them into disclosing sensitive information through social engineering ploys. The findings come as threat actors are abusing Microsoft's enterprise communication platform in various ways, including approaching targets and persuading them to grant remote access or run a malicious payload under the guise of support personnel. Microsoft, in an advisory released last month, said the "extensive collaboration features and global adoption of Microsoft Teams make it a high-value target for both cybercriminals and state-sponsored actors" and that its messaging (chat), calls, and meetings, and video-based screen-sharing features are weaponized at different stages of the attack chain. "These vulnerabilities hit at the heart of digital trust," Oded Vanunu, head of product vulnerability research at Check Point, told The Hacker News in a statement. "Collaboration platforms like Teams are now as critical as email and just as exposed." "Our research shows that threat actors don't need to break in anymore; they just need to bend trust. Organizations must now secure what people believe, not just what systems process. Seeing isn't believing anymore, verification is."