- Microsoft Teams flaws allowed for message edits, spoofed alerts, and spoofed caller identities
- Attackers could exploit these errors to conduct phishing, phishing, and malware distribution.
- Microsoft patched CVE-2024-38197; no user action required after October 2025 fixes
Experts have discovered that Microsoft Teams contained multiple vulnerabilities that allowed threat actors to edit messages, spoof notifications, and change user names, opening it up to various phishing and social engineering attacks, putting users at risk of data theft, phishing, and malware/ransomware infections.
In a new report, Check Point Research experts detailed flaws in the popular online collaboration platform, noting that attackers could reuse unique identifiers in the Microsoft Teams messaging system, altering the content of previously sent messages without activating the “Edited” label.
“Sensitive conversations could be modified after the fact, eroding confidence in records and decisions,” the team warned.
Twisting the mechanics of trust
The researchers noted that both mobile and desktop notifications could be manipulated to appear as if an alert came from a trusted executive or colleague, which could easily be used in phishing attacks.
Additionally, they found a way to change the name displayed in private chat conversations by modifying the topic of the conversation. “Both participants see the modified topic as the name of the conversation, potentially misleading them about the context of the conversation.”
Finally, they discovered that the display name used in call notifications (and later in the call) could be modified through “specific manipulations of call initiation requests,” allowing attackers to spoof caller identities.
“Attackers can twist the trust mechanisms that make Teams effective, turning collaboration into an attack vector,” Check Point said, warning of these flaws being exploited in phishing attacks.
To combat the threat, Microsoft first labeled the flaws as CVE-2024-38197 and implemented a “fix series” that concluded in October 2025. As of this publication, all flaws have been fixed and no action is required from users.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
