Security researchers have discovered an Outlook bug that could allow anyone to impersonate Microsoft corporate email accounts, and an urgent warning has been issued to about 400 million users of Outlook because the phishing vulnerability remains unpatched.  

Vsevolod Kokorin, a security researcher at Solidlab, first issued a warning about this email spoofing bug in a post on X (formerly Twitter) last week. He said he disclosed the problem to Microsoft only because the company dismissed his report after he said he was unable to reproduce his findings. Frustrated Kokorin took to X to warn others, while justifiably refusing to provide the technical details needed to exploit the vulnerability.   

As shown in a screenshot he shared, the bug was detected when sending an email to another Outlook user, and everyone said in the official Microsoft Corporate account update that Microsoft acknowledged the problem, but it remains unclear when the patch will be applied. He also told TechCrunch that Microsoft may have come across his tweet as it resumed 1 of the reports that Microsoft had submitted a few months ago. We have contacted Microsoft for comment and we will hear back and update this story. 

Given that bad actors need to email another Outlook account to exploit this bug, all 400 million Outlook users are at risk of phishing attempts from otherwise legitimate-looking Microsoft corporate accounts. We still don't know when the patch will be applied, but for Outlook users, there are some precautions you can take in the meantime to keep them safe. 

Unfortunately, it is largely summed up in the age-old advice of maintaining vigilance. If you receive a message that you believe is from Microsoft, we strongly recommend that you always pay attention to it. Kokorin has advised all Outlook users not to be tired and click on strange links when opening new emails. Consider also signing up for 1 of the best antivirus software solutions.Many of them have access to VPNs, password managers, and other additional features to help you stay safe online.