Microsoft Teams Vulnerabilities Expose Users to Impersonation Attacks
Full Transcript
Cybersecurity researchers have uncovered four significant security vulnerabilities in Microsoft Teams, which could expose users to serious impersonation and social engineering attacks. According to Check Point, these vulnerabilities allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications.
Following a responsible disclosure in March 2024, Microsoft addressed some of these issues in August 2024 under the CVE identifier CVE-2024-38197, with further patches rolled out in September 2024 and October 2025.
The vulnerabilities enable attackers to change message content without leaving an 'Edited' label or altering the sender's identity. This manipulation can trick victims into opening malicious messages that appear to come from trusted sources, including high-profile executives.
The attack vector is particularly concerning as it affects both external guest users and internal malicious actors, significantly undermining security boundaries. Potential victims could unknowingly click on malicious links or share sensitive data.
Furthermore, these flaws allowed attackers to modify display names in private chat conversations and change caller identities during calls. This capability enables attackers to forge identities, further eroding trust within the platform.
Microsoft described CVE-2024-38197 as a medium-severity spoofing issue affecting Teams for iOS, with a CVSS score of 6.5. This vulnerability could allow attackers to alter the sender's name in a Teams message, enhancing the likelihood of successful social engineering attacks.
The findings coincide with an increase in threat actors abusing Microsoft Teams to approach targets and persuade them to grant remote access or execute malicious payloads under the pretense of legitimate support.
Microsoft has highlighted that the extensive collaboration features of Teams make it a high-value target for cybercriminals and state-sponsored actors. According to their advisory, the messaging, calls, meetings, and video-based screen-sharing features are weaponized at various stages of the attack chain.
Oded Vanunu, head of product vulnerability research at Check Point, emphasized that these vulnerabilities strike at the core of digital trust, stating that collaboration platforms like Teams are now as critical as email and equally exposed.
The research indicates that threat actors no longer need to break into systems; they simply need to erode trust. Organizations must now secure what people believe, not just what systems process, highlighting the importance of verification in today's digital landscape.