Critical Microsoft Teams Flaw Lets Hackers Manipulate Messages and Notifications
These flaws enable both external attackers and malicious insiders to impersonate executives, alter messages without detection, spoof notifications, and forge caller identities during video and audio calls.
With 320 million monthly active users relying on Teams for business communications, these vulnerabilities pose a significant risk to organizations globally.
The research team demonstrated that attackers could weaponize Teams’ core messaging and calling functions through multiple attack vectors.
By manipulating specific parameters within the platform’s architecture, threat actors could craft convincing impersonations of trusted colleagues and authority figures, exploiting the psychological urgency that typically accompanies communications from senior leadership.
The vulnerabilities identified by Check Point Research reveal sophisticated exploitation methods that could devastate organizational security.
The researchers found that attackers could edit messages without leaving any audit trail by manipulating the clientmessageid parameter, making malicious content appear as legitimate communications from trusted sources.
Beyond message editing, the research demonstrated the ability to spoof message notifications entirely, presenting false sender identities that exploit human psychology and the automatic trust placed in executive communications.
In private chat conversations, attackers could manipulate conversation parameters to alter display names, completely deceiving both parties about whom they’re actually communicating with.
Perhaps most alarming, the research showed that call initiation requests could be modified to forge caller identities, allowing attackers to appear as any chosen individual during sensitive video or audio calls.
These capabilities create significant operational risks for organizations targeted by nation-state actors and sophisticated cybercriminal groups.
Executive impersonation becomes highly plausible when attackers can convincingly appear as CEOs or financial directors through spoofed notifications and manipulated messages.
Threat actors could leverage these flaws to deliver malware by crafting urgent-looking messages from trusted authority figures, directing employees to click on malicious links or download infected files.
Credential harvesting attacks become substantially more effective when attackers impersonate internal personnel, particularly finance department members, tricking employees into revealing sensitive authentication information or access credentials.
The ability to manipulate call identities could enable attackers to disrupt sensitive briefings by posing as legitimate participants, causing confusion or extracting classified information from unsuspecting attendees.
| CVE ID | Vulnerability Type | Affected Products | CVSS Score | Description |
|---|---|---|---|---|
| CVE-2024-38197 | Spoofing / Notification Manipulation | Microsoft Teams (Web, iOS, Android) | 6.5 (Medium) | Improper input validation allowing attackers to spoof message sender identity and alter notifications |
Check Point Research responsibly disclosed these vulnerabilities to Microsoft on March 23, 2024. Microsoft acknowledged the report and committed to investigating the reported behavior.
The company subsequently addressed each vulnerability across different timelines throughout 2024 and early 2025.
Microsoft deployed patches addressing the message editing flaw on May 8, 2024, followed by fixes for display name manipulation on July 31, 2024.
The notification spoofing vulnerability was remediated on September 13, 2024, with the final caller identity spoofing flaw addressed by October 2025.
All vulnerabilities have been successfully patched, and Microsoft has automatically deployed updates across all Teams platforms. No user action is required as the fixes have been distributed universally.
The post Critical Microsoft Teams Flaw Lets Hackers Manipulate Messages and Notifications appeared first on Cyber Security News.