- Microsoft Teams flaw allowed editing of messages, spoofed alerts, and spoofed caller identities
- Attackers can exploit these flaws for phishing, wire fraud, and malware delivery
- Microsoft patched CVE-2024-38197; no user action required after October 2025 fixes
Experts have found that Microsoft Teams contained several vulnerabilities that allowed threat actors to edit messages, spoof notifications, and change usernames, opening it up to various phishing and social engineering attacks, putting users at risk of data theft, wire fraud, and malware/ransomware infections.
In a new report, experts from Check Point Research detailed the flaws in the popular online collaboration platform, noting that attackers were able to reuse unique identifiers in the Microsoft Teams messaging system and change the content of previously sent messages without triggering the “Edited” label.
“Sensitive conversations can be altered after the fact, eroding trust in records and decisions,” the team warned.
Distortion of the mechanics of trust
The researchers noted that both mobile and desktop notifications could be manipulated to appear as if an alert came from a trusted manager or colleague, which could easily be used for phishing attacks.
Also, they found a way to change the display name in private chat conversations by changing the conversation topic. “Both participants see the changed topic as the name of the conversation, potentially misleading them about the context of the conversation.”
Finally, they found that the display name used in call notifications (and later on the call) could be changed through “specific manipulations of call initiation requests,” allowing attackers to spoof caller identities.
“Attackers can subvert the very trust mechanisms that make Teams effective, turning collaboration into an attack vector,” Check Point said, warning that these flaws are being exploited in phishing attacks.
To combat the threat, Microsoft first labeled the bugs as CVE-2024-38197 and rolled out a “series of fixes” that ended in October 2025. At press time, all the bugs have been fixed and no user action is required.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
