Researchers at Check Point disclosed four critical vulnerabilities in Microsoft Teams that allowed attackers to impersonate executives, alter chat history, and forge notifications or caller identities without detection. These flaws, now patched, enabled manipulation of message content without the usual 'Edited' label, spoofing of alerts to appear from trusted colleagues, and renaming of chats to misrepresent participants. The vulnerabilities exploited Teams' messaging architecture, including the reuse of unique message identifiers and manipulation of hidden conversation parameters, fundamentally undermining the trust in digital communications for over 320 million monthly users.
Microsoft was notified of the issues in March 2024 and addressed them through a series of patches, with the final fix released in October 2025. The vulnerabilities, tracked as CVE-2024-38197 among others, affected both internal users and external guests, posing significant risks of social engineering, data theft, and unauthorized actions. Attackers could trick users into clicking malicious links or sharing sensitive information by making messages and calls appear to originate from high-profile executives or trusted sources, highlighting the importance of prompt patching and ongoing vigilance in collaboration platforms.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
In early November 2025, Check Point publicly disclosed four Microsoft Teams vulnerabilities that could let attackers impersonate colleagues or executives, manipulate message content without an 'Edited' label, and spoof notifications or caller identity. The flaws affected scenarios involving external guest users and malicious insiders and raised social-engineering concerns.
An additional patch for the Microsoft Teams flaws was released in October 2025, indicating that remediation continued after the 2024 fixes. The issues included risks such as impersonation, forged identities, and message manipulation.
Microsoft issued further patches for the Teams-related flaws in September 2024, expanding remediation beyond the initial August update. These fixes were part of Microsoft's response to the broader set of spoofing and message-manipulation issues.
Microsoft addressed part of the reported Microsoft Teams impersonation and notification spoofing issues under CVE-2024-38197 in August 2024. The fix covered some of the flaws later described by Check Point.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
securityonline.info
Open sourcehackread.com
Open sourcetechrepublic.com
Open sourcescworld.com
Open sourcego.theregister.com
Open sourcethehackernews.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.