Microsoft Teams, one of the world’s most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.
Researchers at Check Point this week revealed four flaws in Teams that, if exploited, could have fundamentally broken the trust that underpins communication inside organizations. Together, they made it possible to alter messages without the “Edited” label, spoof alerts to make them appear from trusted colleagues, rename chats to change who they appeared to be with, and even forge caller identities in audio or video calls.
With more than 320 million monthly users relying on Teams for everything from financial approvals to…
Microsoft Teams, one of the world’s most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.
Researchers at Check Point this week revealed four flaws in Teams that, if exploited, could have fundamentally broken the trust that underpins communication inside organizations. Together, they made it possible to alter messages without the “Edited” label, spoof alerts to make them appear from trusted colleagues, rename chats to change who they appeared to be with, and even forge caller identities in audio or video calls.
With more than 320 million monthly users relying on Teams for everything from financial approvals to boardroom decisions, the implications were significant.
“These vulnerabilities hit at the heart of digital trust,” said Oded Vanunu, chief technologist and head of product vulnerability research at Check Point Software. “Threat actors don’t need to break in anymore; they just need to bend trust. Seeing isn’t believing anymore – verification is.”
Check Point first disclosed the bugs to Microsoft in March 2024. The company confirmed the issues, tracked one as CVE-2024-38197, and issued patches throughout 2024, completing the final fix, which addressed the caller identity flaw, at the end of October 2025.
According to the researchers, the vulnerabilities exploited Teams’ own messaging architecture. By reusing unique message identifiers, Check Point found it was possible to silently overwrite existing chat content, removing the audit trail that normally shows when a message has been edited. Another bug allowed attackers to alter notification parameters so alerts appeared to come from any chosen name – an easy way to simulate a message from a CEO or finance director. A third flaw let attackers change the display name in private chats by modifying a hidden “conversation topic” field, while the fourth allowed caller IDs to be forged through manipulated call initiation requests.
Although Microsoft classified the main issue as medium severity, Check Point’s proof of concept showed how these could be chained together for more damaging attacks. In a simulated scenario, a guest user could pose as a senior executive, send urgent instructions, and follow up with a video call that appeared genuine – a plausible setup for financial fraud, credential theft, or malware delivery.
Check Point warned that attackers could exploit such flaws for espionage, misinformation, or disruption of sensitive briefings. “If they can manipulate what people see and believe, they can bypass traditional defences,” the firm said in its report. “These flaws strike at the heart of digital trust. The risks go far beyond nuisance — they enable executive impersonation, financial fraud, malware delivery, and misinformation campaigns.”
- Ransomware gang runs ads for Microsoft Teams to pwn victims
- Zoom stomps critical privilege escalation bug plus 6 other flaws
- Vulnerability scores, huh, what are they good for? Almost nothing
- Microsoft kills 9.9-rated ASP.NET Core bug – ‘our highest ever’ score
This shows how attackers have moved on from breaking into systems to meddling in conversations. Email used to be the weak spot; now it’s collaboration tools like Teams, Slack, and Zoom. These apps run on trust – that the person messaging you is who they claim to be – but as chat, workflows, and AI assistants start to blend together, that trust is getting a lot easier to exploit.
“Collaboration platforms are now as critical as email and just as exposed,” said Vanunu. “Organisations must secure what people believe, not just what systems process.”
Check Point said that its findings should serve as a wake-up call for enterprises relying on trust-based communication tools. It urged companies to adopt layered defences, from zero-trust access controls and data-loss prevention to anomaly detection and employee verification protocols, to guard against manipulation inside these apps.
While Microsoft’s patches close the immediate loopholes, the incident shows how even trusted platforms can become vectors for deception. According to Check Point, the real exploit now is the human one: hacking trust, not systems. ®