Attackers Exploit Microsoft Teams Flaws to Manipulate Messages and Fake Notifications
gbhackersCheck Point Research uncovered four critical vulnerabilities in Microsoft Teams that could allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities during video and audio calls.
The research team discovered that both external guest users and malicious insiders could exploit these security flaws, fundamentally undermining the trust that 320 million monthly active users place in the platform for daily business communications.
| CVE ID | Vulnerability Type | Affected Products | CVSS Score | Description |
| CVE-2024-38197 | Spoofing / Notification Manipulation | Microsoft Teams (Web, iOS, Android) | 6.5 (Medium) | Improper input validation allowing attackers to spoof message sender identity and alter notifications |
How Attackers Exploit Teams’ Core Functions
The vulnerabilities discovered by Check Point Research reveal multiple attack vectors that attackers could weaponize for targeted impersonation.
Attackers could edit messages without leaving any trace by manipulating the clientmessageid parameter, making malicious content appear as legitimate communications from trusted colleagues.
Additionally, the research ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE