Cybersecurity researchers at **Check Point** uncovered four critical vulnerabilities in **Microsoft Teams** (one tracked as **CVE-2024-38197**, CVSS 6.5) that enabled attackers to manipulate conversations, impersonate high-profile executives (e.g., C-suite), and forge sender identities in messages, calls, and notifications. The flaws allowed malicious actors, both external guests and insiders, to alter message content without the 'Edited' label, modify display names in chats/calls, and exploit notifications to deceive victims into clicking malicious links or disclosing sensitive data.

While Microsoft patched some issues between **August 2024 and October 2025**, the vulnerabilities eroded trust in Teams as a collaboration tool, turning it into a vector for **social engineering, data leaks, and unauthorized access**. The attack chain leveraged Teams’ messaging, calls, and screen-sharing features, enabling threat actors (including cybercriminals and state-sponsored groups) to bypass traditional defenses by exploiting **human trust** rather than technical breaches.

Though no confirmed data breaches were reported, the risks included **credential theft, financial fraud, and reputational damage**, particularly if employees or customers fell victim to impersonation scams. Microsoft acknowledged that Teams’ global adoption makes it a high-value target, warning that such spoofing attacks could escalate into broader **phishing campaigns or lateral movement** within corporate networks.
Source: https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html
TPRM report: https://www.rankiteo.com/company/microsoft
"id": "mic2711127110525",
"linkid": "microsoft",
"type": "Vulnerability",
"date": "8/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'All Microsoft Teams users '
'(especially iOS users for '
'CVE-2024-38197)',
'industry': 'Technology',
'location': 'Global',
'name': 'Microsoft',
'size': 'Large (Enterprise)',
'type': 'Corporation'},
{'industry': 'Multiple (all industries using Teams)',
'location': 'Global',
'name': 'Microsoft Teams Users',
'type': 'Individuals/Organizations'}],
'attack_vector': ['Message Content Manipulation',
'Sender Identity Spoofing',
'Notification Forgery',
'Display Name Modification in Chats/Calls',
'Malicious Link Distribution'],
'customer_advisories': 'Users advised to update Teams and exercise caution '
'with unexpected messages or calls.',
'date_publicly_disclosed': '2024-03',
'date_resolved': '2025-10',
'description': 'Cybersecurity researchers disclosed four security flaws in '
'Microsoft Teams that could expose users to impersonation and '
'social engineering attacks. The vulnerabilities allowed '
'attackers to manipulate conversations, impersonate '
'colleagues, and exploit notifications without leaving an '
"'Edited' label. Attackers could alter message content, sender "
'identity, and incoming notifications to trick victims into '
'opening malicious messages or sharing sensitive data. The '
'flaws also enabled modifying display names in private chats '
'and call notifications, forging caller identities. These '
'issues undermine trust in collaboration tools, turning Teams '
'into a vector for deception. Microsoft addressed some of the '
'vulnerabilities in August 2024 (CVE-2024-38197, CVSS 6.5), '
'with subsequent patches in September 2024 and October 2025.',
'impact': {'brand_reputation_impact': 'High (undermines trust in Microsoft '
'Teams as a secure collaboration '
'platform)',
'identity_theft_risk': 'High (if users disclose sensitive '
'information to impersonated attackers)',
'operational_impact': 'Erosion of digital trust in collaboration '
'tools, increased risk of phishing/social '
'engineering success, potential unauthorized '
'actions by tricked users (e.g., clicking '
'malicious links, sharing sensitive data)',
'systems_affected': ['Microsoft Teams (iOS)',
'Microsoft Teams (other platforms, implied)']},
'initial_access_broker': {'high_value_targets': 'C-suite executives '
'(impersonated in attacks)'},
'investigation_status': 'Resolved (patches released, vulnerabilities '
'addressed)',
'lessons_learned': ['Collaboration platforms like Teams are as critical as '
'email and equally exposed to social engineering risks.',
'Threat actors can exploit trust mechanisms without '
"needing to 'break in'—they only need to 'bend trust'.",
'Organizations must secure not just systems but also what '
'people believe (e.g., verification over visual trust).',
'Vulnerabilities in widely used tools like Teams can have '
'cascading impacts across global enterprises.'],
'motivation': ['Social Engineering',
'Data Theft',
'Malware Distribution',
'Unauthorized Access'],
'post_incident_analysis': {'corrective_actions': ['Microsoft patched the '
'vulnerabilities to prevent '
'spoofing and '
'impersonation.',
'Added stricter validation '
'for message edits and '
'sender identity changes.',
'Enhanced user education on '
'social engineering risks '
'in Teams.',
'Ongoing monitoring for '
'similar vulnerabilities in '
'collaboration tools.'],
'root_causes': ['Insufficient validation of '
'message edits and sender identity '
'changes in Teams.',
'Lack of tamper-evident indicators '
"(e.g., 'Edited' label bypass).",
'Over-reliance on visual trust '
'cues (e.g., display names) '
'without cryptographic '
'verification.',
'Collaboration features (e.g., '
'guest access, external sharing) '
'expanding the attack surface.']},
'recommendations': ['Apply Microsoft Teams patches promptly, especially for '
'CVE-2024-38197.',
'Educate users on verifying sender identities and message '
'authenticity (e.g., out-of-band confirmation for '
'sensitive requests).',
'Implement additional authentication for high-stakes '
'actions (e.g., multi-factor approval for data sharing).',
'Monitor for unusual message edits or notification '
'behaviors in Teams.',
'Assume collaboration tools are high-value targets and '
'layer defenses (e.g., behavioral analysis, anomaly '
'detection).'],
'references': [{'source': 'The Hacker News'},
{'source': 'Check Point Research Report'},
{'source': 'Microsoft Security Advisory (September 2024)'}],
'response': {'communication_strategy': ['Public disclosure by Check Point and '
'The Hacker News',
'Microsoft security advisory '
'(released in September 2024)'],
'containment_measures': ['Patches released in August 2024 '
'(CVE-2024-38197)',
'Subsequent patches in September 2024 '
'and October 2025'],
'incident_response_plan_activated': 'Yes (responsible disclosure '
'by Check Point, patch '
'development by Microsoft)',
'remediation_measures': ['Software updates for Microsoft Teams',
'Security advisories for users (e.g., '
'warning about social engineering '
'risks)'],
'third_party_assistance': 'Check Point (vulnerability research '
'and disclosure)'},
'stakeholder_advisories': 'Microsoft and Check Point issued advisories '
'warning about the risks and urging patching.',
'title': 'Microsoft Teams Spoofing and Impersonation Vulnerabilities '
'(CVE-2024-38197)',
'type': ['Spoofing',
'Impersonation',
'Social Engineering',
'Vulnerability Exploitation'],
'vulnerability_exploited': ['CVE-2024-38197 (CVSS 6.5: Medium)',
'Three additional undisclosed vulnerabilities '
'(details not specified)']}