Check Point Research has discovered four security vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, forge notifications, and impersonate other users.
Researchers from Check Point Research have discovered four vulnerabilities in Microsoft Teams that enable spoofing. Both malicious guest users and malicious insiders could alter messages, forge the sender in notifications, and manipulate the displayed name in video calls.
These flaws broke the trust signals that organizations rely on to assess communication. People learn to prevent phishing and abuse by carefully looking at the sender and other indicators that would suggest someone is not who they claim to be. These bugs undermined that approach.
Four Ways to Manipulate
The researchers describe four specific techniques. They showed that an attacker could:
- modify sent messages without the “Edited” label remaining visible;
- make notifications appear as if they came from senior executives;
- change the display name in private conversations by modifying the conversation subject;
- forge a caller’s name through manipulated call requests.
Microsoft assigned CVE-2024-38197 to one of the reported issues. Check Point Research reported the findings to Microsoft on March 23, 2024. According to the researchers, Microsoft investigated the bugs and rolled out patches over the course of 2024 and 2025. The researchers state that all vulnerabilities have been resolved as of late October 2025.
Risks
The vulnerabilities could significantly increase the risk of CEO fraud, financial scams, malware distribution, and disinformation. An attacker impersonating a trusted colleague could mislead employees into performing harmful actions.
Organizations using Teams are advised to run current client versions and review security policies for guest access and bots. Internal monitoring of unusual notifications and employee awareness remain important to limit this type of abuse.
