Exploiting Trust in Collaboration - Microsoft Teams Vulnerabilities Uncovered

Exploiting Trust in Collaboration: Microsoft Teams Vulnerabilities Uncovered

Trust alone isn’t a security strategy. That’s the key lesson from new research by Check Point Research, which recently uncovered multiple vulnerabilities in Microsoft Teams, now fixed, that could allow attackers to impersonate executives, manipulate messages, and spoof notifications. 

With more than 320 million monthly active users, Microsoft Teams has become the backbone of modern workplace communication. From boardroom meetings to quick one-to-one chats, it powers the daily interactions of enterprises, small businesses, and governments worldwide. 

However, Check Point Research’s latest findings show how attackers can twist the very trust mechanisms that make Teams effective, turning collaboration into an attack vector.

The Rise of Collaboration as an Attack Surface

"Over the past decade, attackers have relentlessly targeted email, exploiting its role as the default business communication tool. Today, we are seeing the same playbook applied to collaboration apps. Platforms like Microsoft Teams, Slack, and Zoom are not just productivity enablers—they are becoming critical business infrastructure," says Hendrik de Bruin, Head Security Consulting SADC, for Check Point Software Technologies.

According to de Bruin, this shift has drawn the attention of sophisticated threat actors.

 "Advanced Persistent Threat (APT) groups and financially motivated cyber criminals alike recognise that if they can manipulate what people see and believe inside these platforms, they can bypass traditional defenses. Social engineering thrives in environments of trust—and collaboration apps are built on trust," he says.

The vulnerabilities uncovered in Microsoft Teams are not isolated. They represent a larger trend: attackers exploiting the assumptions users make when communicating through familiar, trusted channels.

What Check Point Found

Check Point Research conducted an in-depth examination of Microsoft Teams, focusing on both external guests and malicious insiders. The results were striking: multiple flaws that allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications.

Here’s what what was uncovered:

• Invisible Message EditingBy reusing unique identifiers in the Teams messaging system, attackers could alter the content of previously sent messages—without triggering the standard “Edited” label. The result: a silent rewrite of history. Sensitive conversations could be modified after the fact, eroding confidence in records and decisions.
• Spoofed NotificationsNotifications, whether on mobile or desktop, are designed to capture immediate attention. Check Point Research found that attackers could manipulate notification fields so that an alert appears to come from a trusted executive or colleague.

• Altering Display Names via Conversation Topics in Private Chats

Check Point identified a vulnerability that allows an attacker to change the displayed name in private chat conversations by modifying the conversation topic. Both participants see the altered topic as the conversation name, potentially misleading them about the conversation's context. 

• Forged Caller Identity in Video/Audio CallsIt was discovered that the display name used in call notifications (and later on during call itself) could be arbitrarily modified through specific manipulations of call initiation requests. This flaw allows an attacker to forge the caller identity, presenting any chosen name to the call recipient.

While Microsoft has updated Teams to fix these flaws, requiring no action from users, these flaws together strike at the heart of digital trust. The risks go far beyond nuisance—they enable executive impersonation, financial fraud, malware delivery, misinformation campaigns, and disruption of sensitive communications.

Disclosure and Remediation

Check Point Research responsibly disclosed the vulnerabilities to Microsoft on March 23, 2024, which then labelled them CVE-2024-38197. These fixes were investigated and a series of fixes were rolled throughout 2024, with the final fix for video and audio calls taking place at the end of October 2025. 

Why This Matters Now

"The Microsoft Teams vulnerabilities are a case study in a broader issue: collaboration platforms are becoming the new battleground. Just as email became the preferred entry point for phishing and business email compromise (BEC), workplace apps now provide fertile ground for manipulation," de Bruin says.

Unlike technical exploits that rely on breaking encryption or bypassing firewalls, these attacks work by subverting trust signals. A notification, a display name, a quoted message—all of these are subtle cues employees rely on to know who they’re talking to and what was said. If attackers can bend those cues, they can bend decision-making itself.

Beyond Teams: A Systemic Issue

While Microsoft has patched the specific Teams vulnerabilities, Check Point's research underscores that this is not just about one platform. Attackers are increasingly targeting collaboration and workspace apps, from mainstream tools to emerging AI-driven assistants.

Check Point Research has already identified flaws in other platforms, including AI coding assistants and workflow automation tools. 

"The pattern is clear: wherever trust-based interactions happen digitally, attackers will probe for weaknesses," de Bruin says.

The Path Forward: Layered Defense

The takeaway for organisations is clear: trust alone isn’t enough. Native defenses within collaboration apps, while important, were designed primarily for usability and productivity—not advanced threat prevention.

Check Point advocates for a layered security model that includes:

• Malware & File Protection: Stopping malicious files, links, and payloads shared through collaboration tools.
• Data Loss Prevention (DLP): Safeguarding sensitive business assets as they move through chat, file sharing, and links.
• Threat Detection & Response: Monitoring for anomalies such as spoofed sessions or unusual behavior.
• Unified Protection Across Apps: Extending security beyond Teams to cover email, browsers, and other collaboration platforms.

By adding this second layer of defense, organisations can ensure that their data and operations remain secure even if trust inside a platform is manipulated.

Looking Ahead

The vulnerabilities uncovered in Microsoft Teams should serve as a wake-up call. Attackers are no longer just breaking into systems; they are breaking into conversations. As collaboration becomes the lifeblood of business, defenders must prepare for a world where seeing is not believing.

Check Point Research believes transparency and collaboration are key, which is why it publishes its findings and works closely with vendors such as Microsoft to drive fixes. 

Equally, Check Point believes organisations must recognise the limits of trust in digital platforms and adopt layered defenses that account for human psychology as much as technical flaws," de Bruin concludes.

Join the Conversation

Check Point Research’s findings highlight a simple truth: collaboration platforms power modern work—but trust alone isn’t enough.

Join the upcoming webinar with Check Point leaders to explore the research in depth, understand the evolving threat landscape, and learn how layered defenses can protect your organisation.

https://pages.checkpoint.com/2025-nov-ww-critical-microsoft-teams-vulnerabilities-uncovered.html

Join our upcoming webinar with Check Point leaders to explore the research in depth, understand the evolving threat landscape, and learn how layered defenses can protect your organisation.

https://pages.checkpoint.com/2025-nov-ww-critical-microsoft-teams-vulnerabilities-uncovered.html