By Andrey Charikov and Oded Vanunu

**Key Findings:**

Launched in March 2017, Microsoft Teams has become one of the most widely used communication and collaboration platforms in the world. As part of the Microsoft 365 family, Teams provides workplaces with chat, video conferencing, file storage, and application integration to more than 320 million monthly active users. From the largest global enterprises to small and medium-sized businesses, Teams has become a critical backbone of modern workplace communication.

Our research revealed a series of vulnerabilities in Teams that undermine those trusted communication channels. We found that both external guest users and malicious insiders can manipulate messages, impersonate executives, and even spoof notifications. In practice, this means an attacker could enter as a guest and convincingly appear to be the CEO, a fundamental breakdown of the trust that organizations rely on to operate securely.

In recent years, we’ve witnessed sophisticated threat actors, including state-sponsored groups and nation-state actors, increasingly target collaboration platforms and communication tools as part of broader espionage and data exfiltration campaigns. These advanced persistent threat (APT) groups have demonstrated particular interest in:

Today, threat actors exploit the inherent trust users place in familiar communication and workspace interfaces, using social engineering tactics to manipulate employees through platforms organizations depend on for daily operations.

Recent intelligence reports have highlighted how these threat actors specifically target remote work infrastructure, recognizing that communication platforms have become critical business infrastructure. Given this evolving threat landscape, Check Point Research set out to investigate potential security gaps in widely-used workspace tools. As part of this broader research initiative into these platforms, we examined Microsoft Teams to identify how its trust mechanisms could be subverted. The findings presented here highlight Teams as one example of a wider issue: the ways attackers can exploit trust in modern workspace tools.

We approached this research from two key attack perspectives: external guest users attempting to infiltrate organizations, and internal malicious users, such as compromised employees or insider threats, seeking to abuse their existing access.

Our research revealed several vulnerabilities within Microsoft Teams that could be exploited to manipulate message content and sender identity and to alter the appearance of notifications. Most critically, we discovered that both external guest users and internal malicious actors can effectively transform their identity to appear as trusted personnel, including C-level executives, fundamentally breaking the trust boundaries that organizations rely on for secure communication.

These findings are significant, demonstrating not just theoretical risks but practical loopholes that could be used for misinformation, impersonation, and privacy breaches. Whether starting as an external guest user or operating as a malicious insider, an attacker could seamlessly transition to appearing as a trusted authority figure, potentially fooling employees into believing they’re communicating with their CEO, finance director, or other high-authority figures.

Specifically, we were able to:

Together, these vulnerabilities show how attackers can erode the fundamental trust that makes collaboration workspace tools effective, turning Teams from a business enabler into a vector for deception.

Microsoft had previously disclosed CVE-2024-38197 as a medium-severity spoofing issue in Microsoft Teams for iOS, noting that earlier client versions did not properly validate message sender fields and could therefore misrepresent user identity in limited cases. Our research expands on those findings by demonstrating a more impactful exploitation path: we developed a proof-of-concept showing how a malicious bot or webhook could craft payloads with falsified “from” attributes that rendered convincingly as trusted users within the Teams interface. This amplification highlights not only the practical risk of targeted impersonation but also the broader need for stricter validation controls across Teams clients.

While Microsoft Teams offers both web and application versions that function similarly, we focused our research on the web version. This version, like its app counterpart, accepts and processes JSON payloads for various actions, such as sending messages and making calls.

When a message is dispatched, several parameters are included in the request body:

Upon sending a POST request, the response includes the **OriginalArrivalTime** parameter, a Unix timestamp that is crucial for operations that modify the message after it is sent, such as editing, deleting, or quoting our own or someone else’s messages.

Moreover, another key piece of information obtained is the unique UUID assigned to every user. It can be found by fetching the conversation of a specific user or their messages, whether from a private or a group chat:

This UUID (in the screenshot above it starts with 8:orgid:37f85325) is essential for identifying users within the system and plays a significant role in the vulnerabilities we will explore.

Let’s begin with the basics and explore what modifications we can make to our own messages. As previously mentioned, when we send a message, we include a **clientmessageid** parameter (along with the content of our message) and receive a Unix timestamp value for the **OriginalArrivalTime** parameter:

**OriginalArrivalTime**: 1709414616944

**clientmessageid**: 2711247313308716623

Upon retrieving our entire chat history, we can observe these values:

Now, let’s attempt to edit our message directly within MS Teams. Unfortunately, this action results in an “Edited” label appearing above our message. To bypass this, we can craft a new message and replace the **clientmessageid** with the value from our previous message – **2711247313308716623**. This approach effectively masks our edit, making it undetectable to others.

**Manipulating Notifications**

Whether on a phone app or a PC, notification alerts draw our immediate attention, especially when they signal messages from key figures within an organization. For instance, receiving a notification that implies a message is from the CEO or another high-ranking official inherently demands a higher level of urgency and importance. This psychological effect is what makes notifications not just informative but influential.

Within each message sent, there’s a parameter called **imdisplayname**, which, by default, displays the sender’s name:

Through our investigation, we’ve found that this parameter can be altered to any desired value. This manipulation results in the recipient receiving a notification that appears to come from someone other than the actual sender:

Result:

**Altering Display Names in Private Chats**

Microsoft Teams provides functionality to update the conversation topic in group chats through a specific PUT endpoint. This feature is designed to help users organize and identify their chats more efficiently.

PUT /api/chatsvc/emea/v1/threads//properties?name=topic

By manipulating the request to this endpoint, it’s possible to alter the conversation topic not just in group chats, where such changes are expected and allowed, but surprisingly, in private conversations as well.

In the case of a private chat—a direct conversation between two individuals—any change to the topic should ideally be restricted or not applicable, since private chats do not have a ‘topic’ in the conventional sense.

Before:

After:

Such a change, when executed, can mislead users into believing they are engaging in a conversation with a different person.

**Forging Caller Identity in Video/Audio Calls**

We discovered that the display name used in call notifications could be arbitrarily modified through specific manipulations of call initiation requests. This flaw allows an attacker to forge the caller identity, presenting any chosen name to the call recipient.

During the call initiation phase, a JSON payload is sent to:

POST /api/v2/epconv

containing various parameters that define the call’s characteristics. Among these, the “displayName” parameter within the “participants” section is of particular interest. This parameter is intended to display the name of the caller as it appears to the recipient.

By modifying the “displayName” value in the payload, we were able to alter the apparent identity of the caller. For instance, changing it to an arbitrary name results in the call recipient seeing a call incoming from the modified name, instead of the actual caller’s identity:

This results in:
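The four manipulations described above (a re-sent **clientmessageid** hiding an edit, a spoofed **imdisplayname** in notifications, a topic set on a private chat, and a forged **displayName** in a call) all leave a detectable inconsistency between client-supplied fields and what the tenant already knows. The following added example, which is not Check Point’s or Microsoft’s code, runs those consistency checks over constructed records; the record shapes, the directory mapping and the sample values are assumptions for illustration.

```python
"""Teams-style record checks. Added example, not Check Point's or Microsoft's
code: field names follow the write-up (clientmessageid, imdisplayname,
displayName, topic); record shapes, directory and sample values are constructed.
"""

# Constructed directory: sender id -> display name the tenant knows for it.
DIRECTORY = {
    "8:orgid:37f85325-example-1": "Alice Finance",
    "8:orgid:37f85325-example-2": "Guest Contractor",
}


def check_messages(records, directory=DIRECTORY):
    """Flag sender names that differ from the directory and silent edits."""
    findings, seen = [], {}  # seen: clientmessageid -> last content
    for r in records:
        expected = directory.get(r["from"])
        if expected is not None and r["imdisplayname"] != expected:
            findings.append(("display_name_mismatch", r["clientmessageid"]))
        prev = seen.get(r["clientmessageid"])
        if prev is not None and prev != r["content"]:
            findings.append(("silent_edit", r["clientmessageid"]))
        seen[r["clientmessageid"]] = r["content"]
    return findings


def check_topic_changes(events):
    """Flag topic updates on two-member threads: private chats have no topic."""
    return [e["thread"] for e in events if e["members"] <= 2 and e.get("topic")]


def check_calls(calls, directory=DIRECTORY):
    """Flag call setups whose displayName differs from the caller's directory name."""
    return [c["from"] for c in calls
            if c["from"] in directory and c["displayName"] != directory[c["from"]]]


# Constructed sample records, in the order the service observed them.
SAMPLE_MESSAGES = [
    {"from": "8:orgid:37f85325-example-1", "imdisplayname": "Alice Finance",
     "clientmessageid": "2711247313308716623", "content": "Q2 numbers attached"},
    {"from": "8:orgid:37f85325-example-2", "imdisplayname": "Alice Finance",
     "clientmessageid": "2711247313308716624", "content": "Please approve the transfer"},
    {"from": "8:orgid:37f85325-example-1", "imdisplayname": "Alice Finance",
     "clientmessageid": "2711247313308716623", "content": "Q2 numbers revised"},
]
SAMPLE_TOPIC_EVENTS = [{"thread": "19:private-thread", "members": 2, "topic": "Alice Finance"},
                       {"thread": "19:group-thread", "members": 5, "topic": "Q2 planning"}]
SAMPLE_CALLS = [{"from": "8:orgid:37f85325-example-2", "displayName": "CEO"}]
```

On the sample data the second message (guest sender, executive-looking name), the re-sent first message, the private-thread topic and the call are all flagged; the group-chat topic change is not, since that is expected behaviour.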

These vulnerabilities create several concerning attack scenarios that align with techniques used by sophisticated threat actors, including nation-state groups:

**Executive Impersonation and Social Engineering**

Attackers can convincingly impersonate others, making it appear as though a message was sent by someone else. In private chats, a malicious guest user could impersonate someone internal, such as a finance department member. Notifications can be spoofed to display a false sender name, preying on the instinct to trust official-looking notifications, potentially from authority figures or top executives.

**Advanced Persistent Threats and Data Exfiltration**

These attacks can directly facilitate more severe malicious activities commonly seen in nation-state campaigns:

**Malware Delivery**: Attackers can send a spoofed notification, seemingly from a trusted source like a top executive, asking for urgent action or clicking a link, which then installs malware.

**Credential Harvesting / Fraud**: By impersonating someone internal, particularly in finance, attackers could fish for sensitive data or commit fraud by pretending to discuss budget numbers or other sensitive information.

**Misinformation Campaigns**: The ability to create false message histories and undermine trust in conversation integrity enables the spread of misinformation campaigns.

**Privacy Breaches**: Beyond impersonation, the overall impact of these vulnerabilities extends to breaches of user privacy.

**Briefing Disruption**: The ability to impersonate individuals during sensitive briefings hosted on Teams can spread confusion or trick participants into revealing sensitive information. This implies a broad risk for any role involved in high-stakes communications.

**Risk Mitigation Strategies**

**How Organizations Can Reduce Their Risk**

Microsoft has since addressed the vulnerabilities we reported in Teams, requiring no action from users. However, collaboration platforms provide only a baseline of native security, and our research shows that this layer can be bypassed.

To protect against trust exploitation, organizations need an additional layer of defense that includes:

Protecting the modern workplace requires security that extends beyond what collaboration platforms natively deliver. Only with a second, multi-layered defense can organizations safeguard the communications, data, and trust that keep business running.


**Reducing Exposure Through User Practices**

Although Microsoft has since addressed the vulnerabilities we reported in Teams, the vulnerabilities we discovered emphasize the importance of behavioral practices for reducing exposure:

**Critical Thinking**: Our research highlights the constant need for critical thinking now more than ever. Users should always question what they see and hear online, even when it seems to come from a source they normally trust.

**Digital Awareness**: Understanding these specific attack vectors is vital to becoming more digitally aware. Organizations should educate their teams about these particular manipulation techniques.

**Verification Protocols**: Given the ease with which these vulnerabilities can be exploited, organizations should implement out-of-band verification methods for sensitive communications, especially those involving financial transactions or sensitive data.

**Disclosure Timeline**