- Microsoft Teams flaws allowed messages to be edited, alerts spoofed, and caller identity spoofed.
- Attackers can use these flaws for phishing, email fraud, and malware delivery.
- Microsoft has fixed CVE-2024-38197; no user action is required, and the patch series ended in October 2025.
Experts found Microsoft Teams contained multiple vulnerabilities that allowed attackers to edit messages, spoof notifications, and change usernames, opening it up to a variety of phishing and social engineering attacks, exposing users to the risk of data theft, wire fraud, and malware and ransomware infections.
In a new report, Check Point Research experts detailed the shortcomings of the popular online collaboration platform, noting that attackers can reuse unique identifiers in the Microsoft Teams messaging system to change the content of previously sent messages without activating the “Redacted” label.
“Sensitive conversations may be altered after the fact, undermining trust in records and decisions,” the team warned.
Changing the mechanics of trust
The researchers noted that notifications on both mobile devices and desktop computers can be manipulated to make them appear as if the alert is coming from a trusted manager or colleague, and this can easily be used in phishing attacks.
They also found a way to change the display name in a private chat by changing the topic of the conversation. “Both participants see the changed topic as the title of the conversation, potentially misleading them about the context of the conversation.”
Finally, they discovered that the display name used in call notifications (and later during a call) can be changed through “specific manipulation of call initiation requests,” allowing attackers to spoof the caller's identity.
“Attackers can corrupt the very trust mechanisms that make Teams effective, turning collaboration into an attack vector,” Check Point said, warning that these flaws could be exploited in phishing attacks.
To combat the threat, Microsoft first designated the vulnerabilities as CVE-2024-38197 and released a “patching series” that ended in October 2025. At the time of publication, all deficiencies have been resolved and no user action is required.






