Key Takeaways
- The four flaws would have allowed impersonations, message manipulation, and altered notifications.
- They’ve all been patched up already, so these problems are no longer a threat today.
- Microsoft Teams is used by more than 320 million monthly active users.
Impersonating executives, manipulating messages, altering notifications, and forging identities in video chats? You might be a hacker aware of the latest vulnerabilities in Microsoft Teams.
That’s according to a new report from Check Point Research that found four different critical flaws in the popular software used by more than 320 million people worldwide.
Don’t get too worried, though. The researchers reported it all to Microsoft last year, and all issues have now been successfully addressed and fixed. Here’s what to know.
What the Flaws Made Possible
The potential fallout from all the issues could have been massive. According to Check Point’s full report, the real-world risks cover “executive impersonation, financial fraud, malware delivery, misinformation campaigns, and disruption of sensitive communications.”
But what specifically did they find? Here’s the quick summary of how each of the four flaws worked:
- Hackers could edit Teams messages while avoiding the “edited” label that’s intended to let everyone know if a message has been altered. This can allow them to trick users, or to fake a messaging history.
- They could also change message notifications, making them appear to be from another sender. This could be easily used for undetectable phishing attempts.
- Bad actors could also edit display names within private chats.
- They could even edit caller identities on both video and audio calls.
The Biggest Danger? Executive Impersonation
Paired with AI deepfakes and other modern hacker technologies, all these flaws definitely open the door for faked messages and complex impersonations.
The biggest potential risk? Executive impersonation and social engineering. Bad actors could have used these flaws to alter messages and caller IDs. As the researchers explained it:
“In private chats, a malicious guest user could impersonate someone internal, such as a finance department member. Notifications can be spoofed to display a false sender name, preying on the instinct to trust official-looking notifications, potentially from authority figures or top executives.” – Check Point spokesperson
Their team disclosed all these vulnerabilities to Microsoft back on March 23rd, 2024, and by late October, all vulnerabilities had been fixed.
Staying Safe at Work
Granted, these types of flaws are concerning even when they have been fixed. The fact that business software used by hundreds of millions of people could have undermined trust so deeply is troubling.
After all, entirely avoiding social engineering, scams, and phishing attacks is impossible even under the best circumstances. We recommend taking plenty of precautions for your own company, from multi-factor authentication to password managers to regular training lessons on the value of checking for spelling errors or unusual activity from internal emails.
When you can’t trust your own business software to tell you when a message was edited or who’s calling for a video chat, even those defenses start to look shaky. Here’s hoping it’s all fixed for good.