Microsoft discloses multiple spoofing flaws in Exchange Server and OfficePlus
Microsoft published security advisories for several spoofing vulnerabilities affecting Microsoft Exchange Server and Microsoft OfficePlus, identifying CVE-2021-41350, CVE-2021-42305, CVE-2022-41078, CVE-2022-41079, and CVE-2025-55243. The Exchange issues span multiple advisory releases and indicate a recurring class of flaws that could allow attackers to impersonate trusted senders, services, or content within enterprise messaging environments.
The disclosures show Exchange Server as the primary affected platform, with four separate spoofing CVEs listed across 2021 and 2022, while a later advisory extends the same risk category to OfficePlus. Although the referenced notices provide limited public technical detail, the affected products are widely deployed in corporate communications workflows, making spoofing weaknesses operationally significant for phishing, fraud, and trust-boundary bypass scenarios until patches are applied.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2025-55243
Microsoft published a Security Update Guide entry for CVE-2025-55243, described as a Microsoft OfficePlus spoofing vulnerability.
Microsoft publishes advisories for CVE-2022-41078 and CVE-2022-41079
Microsoft released Security Update Guide entries for CVE-2022-41078 and CVE-2022-41079, both identified as Microsoft Exchange Server spoofing vulnerabilities.
Microsoft publishes advisory for CVE-2021-42305
Microsoft published Security Update Guide information for CVE-2021-42305, another Microsoft Exchange Server spoofing vulnerability.
Microsoft publishes advisory for CVE-2021-41350
Microsoft added CVE-2021-41350, a Microsoft Exchange Server spoofing vulnerability, to its Security Update Guide.
Sources
5 references tracked. Mallory keeps watching after this page renders.
CVE-2025-55243 - Security Update Guide - Microsoft - Microsoft OfficePlus Spoofing Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-41079 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-41078 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability
msrc.microsoft.com
Open sourceCVE-2021-42305 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability
msrc.microsoft.com
Open sourceCVE-2021-41350 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Exchange Server Spoofing Flaws Tracked Across Multiple CVEs
Microsoft has published Security Update Guide entries for multiple **Microsoft Exchange Server spoofing vulnerabilities**, including `CVE-2021-1730`, `CVE-2024-49040`, and `CVE-2025-64667`. The references indicate a recurring class of flaws affecting Exchange Server in which an attacker could impersonate a trusted source or manipulate how identities or messages are presented, creating opportunities for phishing, fraud, or follow-on compromise in enterprise email environments. The available advisories provide limited public technical detail, but the repeated publication of Exchange spoofing CVEs shows that Microsoft continues to track and remediate this attack surface through its update program. For defenders, the immediate implication is to review Exchange Server exposure, validate that relevant Microsoft security updates tied to these CVEs have been applied, and monitor mail infrastructure for signs of spoofed communications or abuse of trust relationships involving Exchange services.
May 25, 2026
Microsoft Exchange Server Flaws Enabled Spoofing, Security Bypass, and SYSTEM-Level Access
Microsoft disclosed multiple vulnerabilities in on-premises **Exchange Server**, including **CVE-2021-31207** (security feature bypass), **CVE-2021-31209** (spoofing), and **CVE-2022-41040** (elevation of privilege). The issues affected Exchange deployments rather than **Exchange Online**, extending a pattern of high-impact weaknesses in the mail platform that could undermine trust boundaries, enable impersonation, and weaken built-in protections. Among them, **CVE-2022-41040** was rated **Critical** with a **CVSS 3.1 score of 8.8**, and Microsoft said exploitation had been detected in the wild before public disclosure. The flaw required an authenticated attacker with low privileges and no user interaction, and successful exploitation could allow the attacker to run **PowerShell** as **`SYSTEM`**. Microsoft later released security updates and directed Exchange Server customers to apply mitigations and patches for the reported zero-day issues.
May 25, 2026
Microsoft Discloses Multiple Windows Spoofing Vulnerabilities Across Core Components
Microsoft published security advisories for several **Windows spoofing vulnerabilities** affecting core platform components, including **Windows Shell Link Processing** (`CVE-2026-25185`), **Windows SMB Server** (`CVE-2025-48802`), **Windows NTLM** (`CVE-2025-21217`), **Virtual Secure Mode** (`CVE-2025-48813`), and **Windows Certificate** handling (`CVE-2022-21836`). The flaws span identity, file handling, network services, virtualization-backed security, and certificate trust mechanisms, indicating broad exposure across enterprise Windows environments. The advisories identify spoofing as the common impact, a class of weakness that can let attackers misrepresent files, systems, identities, or trust relationships to users and services. Organizations relying on Windows authentication, SMB-based file sharing, shortcut handling, certificate validation, and virtualization-based protections should review the affected CVEs and apply Microsoft security updates to reduce the risk of impersonation, deceptive content delivery, and trust bypass in managed environments.
May 25, 2026