Microsoft Discloses Exchange Server Vulnerability for Email Spoofing
Microsoft has disclosed a critical Exchange Server vulnerability that allows email spoofing. The newly disclosed flaw, identified as CVE-2024-49040, affects Exchange Server 2016 and 2019 and enables attackers to forge sender addresses in emails. Discovered by security researcher Vsevolod Kokorin, the vulnerability arises from improper parsing of recipient addresses by SMTP servers, leading to potential spoofing attacks. Microsoft has released updates that enhance detection and add warning banners to suspicious emails, although the vulnerability itself remains unpatched. Users are advised to keep the new security features enabled to mitigate phishing risks.