Microsoft Teams spoofing flaws information disclosure flaw (CVE-2024-38197)
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft Teams flaws disclosed in November 2025 enabled impersonation, message tampering, and spoofed notifications, creating social engineering risk for chat, call, and notification flows. Microsoft tied part of the issue set to CVE-2024-38197 in Teams for iOS, with fixes beginning in August 2024 and additional patches following in September 2024 and October 2025. The weaknesses could let attackers make malicious messages look like they came from trusted colleagues, increasing the chance of sensitive information disclosure.
Related Happenings
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/Service
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/ServiceAbout this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive Guidance
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
**Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive GuidanceAbout this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Trend
H score19
First: 19.05.2026 17:00
Last: 19.05.2026 17:00
Sources 1
About this happening:
Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
TrendAbout this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Microsoft Edge regression disrupts Teams meeting joins
Service Disruption
H score1
First: 23.04.2026 16:18
Last: 23.04.2026 16:18
Sources 1
About this happening:
A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...
Microsoft Edge regression disrupts Teams meeting joins
Service DisruptionAbout this happening: A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...
Microsoft Teams rolls out Brand Impersonation Protection for external call warnings
Security Tool/Service
H score14
First: 22.01.2026 18:28
Last: 22.01.2026 18:28
Sources 1
About this happening:
**Microsoft Teams** is adding **Brand Impersonation Protection** to warn users about suspicious **first-time external callers**, reducing social-engineering risk in call flows. Th...
Microsoft Teams rolls out Brand Impersonation Protection for external call warnings
Security Tool/ServiceAbout this happening: **Microsoft Teams** is adding **Brand Impersonation Protection** to warn users about suspicious **first-time external callers**, reducing social-engineering risk in call flows. Th...
Timeline
-
04.11.2025 16:00 2 articles · 8mo ago
Check Point details Microsoft Teams spoofing flaws
Technical Analysis UpdateCheck Point disclosed four Microsoft Teams flaws that could let attackers manipulate conversations, impersonate colleagues, spoof notifications, alter private chat display names, and forge caller identities, creating social engineering risk for guest and internal users. Microsoft said CVE-2024-38197 is a medium-severity spoofing issue in Teams for iOS, and fixes began in August 2024 with later patches in September 2024 and October 2025.
Show sources
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed — thehackernews.com — 04.11.2025 16:00