400 million Outlook users at risk from security bug — what you need to know

News
By published

Newly discovered email spoofing bug lets bad actors impersonate Microsoft corporate accounts

Outlook
(Image credit: Shutterstock)

A security researcher has uncovered a bug in Outlook that could allow anyone to impersonate Microsoft corporate email accounts, giving phishing attempts an air of legitimacy to trick unsuspecting targets. An urgent warning has been issued to Outlook's roughly 400 million users as the vulnerability remains unpatched.  

Vsevolod Kokorin, a security researcher at SolidLab, first sounded the alarm about this email spoofing bug in a post on  X (formerly Twitter) last week. He said he disclosed the issue to Microsoft, only for the company to dismiss his report after saying it couldn't reproduce his findings. Frustrated, Kokorin took to X to warn others while rightly refusing to provide the technical details needed to exploit the vulnerability.   

As demonstrated in screenshots he shared, the bug lets anyone impersonate an official Microsoft corporate account when sending an email to another Outlook user. In an update, he said that Microsoft has acknowledged the issue, though a timeline for when it'll be patched remains unclear. He also told TechCrunch that Microsoft may have come across his tweet, as it has since reopened one of the reports he submitted several months ago. We've reached out to Microsoft for comment and will update this story once we hear back. 

How to protect yourself from new Outlook spoofing bug

Given that bad actors only need to email another Outlook account to exploit this bug, all 400 million Outlook users are at risk of phishing attempts from otherwise legitimate look Microsoft corporate accounts. While we don't know yet when it'll be patched, if you're an Outlook user, there are some precautions you can take in the meantime to stay safe. 

Unfortunately, it mostly boils down to the age-old advice of staying vigilant. It's highly recommended that you stay alert to any messages you receive that appear to be from Microsoft. Kokorin has advised all Outlook users to be weary when opening new emails and to avoid clicking on strange links. Consider signing up for one of the best antivirus software solutions as well, many of which give you access to a VPN, password manager and other extras to help you stay safe online.

More from Tom's Guide

See more Computing News
TOPICS
Alyse Stanley
Alyse Stanley
News Editor

Alyse Stanley is a news editor at Tom’s Guide, overseeing weekend coverage and writing about the latest in tech, gaming, and entertainment. Before Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk and has written game reviews and features for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and roller skating.

More about online security
Apple iPhone 16 held in the hand.

Stop everything and update your iPhones, iPads and Macs — Apple issues critical fix for zero-day exploits
Zoom call on MacBook

Fake Zoom installer tries to trick users into installing dangerous ransomware – here’s how to stay safe
A Chatbook photo book open on a kitchen counter

Chatbooks review: Simply great
See more latest
Most Popular
Microsoft Copilot
Microsoft Copilot+ PCs with Snapdragon just got a key upgrade as AMD and Intel models play catch-up
Sofia Carson as Alex and Kyle Allen as Brad in "The Life List" coming soon to Netflix
Netflix top 10 movies — here’s the 3 worth watching right now
New 2025 Helix Midnight Luxe Mattress on a low profile bed base with mirrors and nightstands on either side
Helix has revamped its entire mattress collection — here's what's new
Spider-Man (Tom Holland) crouches on top of a car in a scene from "Spider-Man: No Way Home"
‘Spider-Man 4’ just got an official title and release date — ‘Brand New Day’ promises a ‘fresh start’
using your phone at night
Can’t sleep? Your phone could be causing your insomnia, study shows
Lionel Messi #10 of Inter Miami CF competes for the ball with Indiana Vassilev #19 of Philadelphia Union during a Major League Soccer match ahead of the CONCACAF Champions Cup quarter finals 2025 (Photo by Chris Arjoon/Icon Sportswire via Getty Images)
Watch CONCACAF Champions Cup live streams from anywhere — TV channel, free streams, fixtures, quarter-finals
NEWARK, NEW JERSEY - MARCH 29: Cooper Flagg #2 of the Duke Blue Devils moves the ball against the Alabama Crimson Tide during the second half of an Elite Eight game in the men's NCAA basketball tournament at Prudential Center on March 29, 2025 in Newark, New Jersey. (Photo by Lance King/Getty Images)
Duke vs Houston live stream: How to watch March Madness Final Four game online, what TV channel is it on?
Johni Broome #4 of the Auburn Tigers shoots the ball during the Elite Eight round of the 2025 NCAA Men's Basketball Tournament, setting up the Auburn vs Florida Final Four March Madness game (Photo by Isaac Wasserman/NCAA Photos via Getty Images)
Auburn vs Florida live stream: How to watch March Madness game online, TV channel, start time
A woman sleeping on her front looking towards the camera in bed looking tired from not sleeping
Increased depression, poor sleep quality and higher alcohol intake — is your late night worth it?
A blonde woman laying on her stomach on Naturepedic mattress topper on mattress with rattan headboard
Naturepedic unveil new mattress toppers that promise to add organic, cloud-like comfort to your bed