Decrypt LOL


Microsoft Discloses Exchange Server Vulnerability for Email Spoofing

Microsoft has disclosed a critical Exchange Server vulnerability that allows email spoofing. The flaw, tracked as CVE-2024-49040, affects Exchange Server 2016 and 2019 and lets attackers forge sender addresses in emails. Discovered by security researcher Vsevolod Kokorin, the vulnerability arises from improper parsing of recipient addresses by SMTP servers, which can lead to spoofing attacks. Microsoft has released updates that improve detection and add warning banners to suspicious emails, although the vulnerability remains unpatched. Users are advised to keep the new security features enabled to mitigate phishing risks.