A security expert says Microsoft "acknowledged the problem" after initially dismissing warnings about a bug in its Outlook email app.Vsevolod Kokorin said he discovered a vulnerability that, under certain circumstances, could allow someone to impersonate an official Microsoft account. He shared his alert on X after he said Outlook technicians told him he couldn't reproduce the problem. According to Kokorin, the issue allows a user using Outlook to send an email to another Outlook user and disguise the email as coming from a Microsoft corporate account. 400 million people have an Outlook account.
"Microsoft just said they can't do it again without providing any information," Cocolin told in an online chat.Kokorin demonstrated the bug and emailed it: "Hello, this is the Microsoft security team. We are lying to you! The sender of the message reads security@microsoft.com
Kokorin said he contacted Microsoft on June 15 but did not receive a response.On June 18, he shared on X: “I thank everyone who forwarded this article and supported me. At this point they have acknowledged the problem.Microsoft has not responded to requests for comment from several media organizations.