Check Point Research uncovered four critical vulnerabilities in Microsoft Teams that could allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities during video and audio calls.
The research team discovered that both external guest users and malicious insiders could exploit these security flaws, fundamentally undermining the trust that 320 million monthly active users place in the platform for daily business communications.
| CVE ID | Vulnerability Type | Affected Products | CVSS Score | Description |
| CVE-2024-38197 | Spoofing / Notification Manipulation | Microsoft Teams (Web, iOS, Android) | 6.5 (Medium) | Improper input validation allowing attackers to spoof message sender identity and alter notifications |
How Attackers Exploit Teams’ Core Functions
The vulnerabilities discovered by Check Point Research reveal multiple attack vectors that attackers could weaponize for targeted impersonation.
Attackers could edit messages without leaving any trace by manipulating the clientmessageid parameter, making malicious content appear as legitimate communications from trusted colleagues.
Additionally, the research team identified the ability to spoof message notifications, presenting false sender identities that exploit the psychological urgency associated with communications from authority figures or executives.
In private chat conversations, attackers could manipulate the conversation topic parameter to alter display names, misleading both parties about whom they’re communicating with.
Perhaps most concerning, the research demonstrated that call initiation requests could be modified to forge caller identities, allowing attackers to present as any chosen individual during video or audio calls.
These vulnerabilities create significant risks for organizations operating in threat environments targeted by nation-state actors and sophisticated cybercriminals.
Executive impersonation scenarios become highly plausible when attackers can convincingly appear as CEOs or financial directors through spoofed notifications and manipulated messages.
Threat actors could leverage these flaws to deliver malware by crafting urgent-looking messages from trusted authority figures directing employees to click malicious links.
Credential harvesting attacks become more effective when attackers impersonate internal personnel, particularly finance department members, to trick employees into revealing sensitive information.
The ability to forge message histories and manipulate call identities could enable misinformation campaigns within organizations, potentially spreading false information during critical business operations.
Attackers could also disrupt sensitive briefings by impersonating participants, causing confusion or tricking attendees into revealing classified information.
Check Point Research responsibly disclosed the vulnerabilities to Microsoft on March 23, 2024. Microsoft acknowledged the report and confirmed it would investigate the reported behavior.
The company subsequently issued patches addressing each vulnerability across different timelines: the message editing flaw was fixed on May 8, 2024; the display name manipulation issue was resolved on July 31, 2024; the notification spoofing vulnerability, tracked as CVE-2024-38197, received a fix on September 13, 2024; and the caller identity spoofing flaw was addressed by the end of October 2025.
All vulnerabilities have been remediated, and no user action is required as Microsoft has deployed the necessary updates across all Teams platforms.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
