Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history

Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.

Researchers at Check Point this week revealed four flaws in Teams that, if exploited, could have fundamentally broken the trust that underpins communication inside organizations. Together, they made it possible to alter messages without the "Edited" label, spoof alerts to make them appear from trusted colleagues, rename chats to change who they appeared to be with, and even forge caller identities in audio or video calls.

With more than 320 million monthly users relying on Teams for everything from financial approvals to boardroom decisions, the implications were significant. 

"These vulnerabilities hit at the heart of digital trust," said Oded Vanunu, chief technologist and head of product vulnerability research at Check Point Software. "Threat ...