Is There An Outlook Bug Allowing You To Spoof Any Email Domain?
We Definitely Need Scammers To Be Able To Spoof Emails Effectively
There may be a very disturbing Outlook bug which allows you to send emails that legitimately appear to be from any user@domain. The person who discovered this can only make it work with emails sent from Outlook to another Outlook account, which is not reassuring considering the programs widespread usage. The researcher immediately opened a ticket with Microsoft about this issue, only to be rebuffed with replies that Microsoft cannot reproduce the issue.
If you’ve ever created a Microsoft support ticket, then you are unlikely to be reassured by that response from their support team. There is a very good chance you’ve been tormented with bugs that definitely exist but which Microsoft denies the existence of. On the other hand, no technical details have been provided to anyone apart from a Tweet showing a spoofed email. We don’t know if the spoofed email would pass SPF or DKIM, or if it’s simply a bug in how the email address is displayed. There is also no indication if you can successfully reply to the spoofed address.
Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn't reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.
More Tech News From Around The Web
- AMD investigates breach after data for sale on hacking forum @ Bleeping Computer
- VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug @ The Register
- Microsoft says bug causes Windows 10 apps to display Open With dialogs @ Bleeping Computer
- Apple’s Macintosh 128K on a Pi Pico gets thumbs-up from Upton @ The Register
- TSMC chip plant construction halted by discovery of archaeological ruins @ The Register
- ASUS AI Servers at Computex 2024 @ ServeTheHome
