Even when Outlook faces serious security threats, Microsoft ignores them, according to concerned user

You sit at your computer, drinking your favorite beverage, and you come across an alarming news item: a security bug has been found that permits anyone to imitate Microsoft corporate email accounts.

This is not a small problem; it is a grave vulnerability that may make phishing endeavors appear highly convincing even to careful people. As per the final update, the bug still hasn’t been patched and could affect millions who use Outlook.

This finding was discovered by a researcher who tried to tell Microsoft about the bug. However, according to reports, the big tech company initially rejected this report, saying they couldn’t repeat what he found.

Feeling angry and worried, the researcher went on social media to announce their discovery so that Microsoft could notice it. And it looks like they did because Microsoft re-opened one of their reports later. This poses the query: Why wasn’t this grave problem dealt with earlier?

This bug’s scope is particularly alarming. It has been designed to attack Outlook accounts, and, as per Microsoft’s latest earnings report, these accounts have at least 400 million users worldwide. This number signifies a large group of people who could potentially suffer from this threat.

Slonser, the researcher’s online identity, shared their sadness about what happened. They underlined that they had no financial motivation behind this action; their main goal was to push companies into recognizing security researchers more sincerely.

I want to share my recent case:
> I found a vulnerability that allows sending a message from any user@domain
> We cannot reproduce it
> I send a video with the exploitation, a full PoC
> We cannot reproduce it
At this point, I decided to stop the communication with Microsoft. pic.twitter.com/mJDoHTn9Xv

— slonser (@slonser_) June 14, 2024

This event brings attention to a bigger problem in the tech market: the continuous fight against cybersecurity.

Microsoft, a major player in this industry, has dealt with many security issues over the past years – from email breaches for the federal government (and the Redmond-based tech giant might actually lose them as customers) to serious flaws that were warned but not corrected. The incidents make us wonder how seriously Microsoft takes cybersecurity and why we must pay attention when outside researchers want to assist.

In the present time, when ensuring digital security is highly important, this circumstance strongly reminds us of our weaknesses and how we must always remain watchful.

It’s an urgent message to tech firms – security should be your top concern, not just in talk but also in practice by cooperating actively with security researchers. Because, during these ages of digital advancements, our personal and work-related data safety is at risk – a duty that should never be taken for granted.