Recent research from Check Point revealed four serious vulnerabilities in Microsoft Teams that let attackers change how digital communication worked. Hidden within the platform’s interface, these flaws allowed attackers to quietly edit messages, impersonate coworkers or executives, spoof notifications, and fake caller identities during meetings without triggering alerts or drawing attention.

Used by more than 320 million people each month, Microsoft Teams sits at the center of workplace communication. The recent flaws are troubling because they expose weaknesses in how digital platforms convey trust.

Microsoft fixed the flaws between mid-2024 and late 2025 after Check Point’s March 2024 disclosure.

CVE-2024-38197, rated medium severity, turned out more impactful, revealing how attackers can sidestep defenses by altering what users see.

While the technical issues have been patched, the broader concerns remain. For a time, trust in conversations and alerts within Teams could be completely fabricated.

Why It Matters: These vulnerabilities worked by breaking down trust. By altering how communication appeared to users, attackers bypassed traditional security measures and targeted people directly. In platforms like Microsoft Teams, where trust and speed are often assumed, this kind of deception can lead to misdirected actions, credential exposure, or data access without triggering security alerts.

• Message Editing Without a Trace: One of the main flaws allowed attackers to alter the content of sent messages by changing the “clientmessageid” parameter. Because the change left no visible trace, such as an “Edited” label or version history, the message appeared untouched. This opened the door to misinformation, especially in fast-moving or high-pressure conversations.

• Spoofing Notifications to Impersonate Leadership: Another flaw let attackers spoof the sender’s identity in Teams notifications. By controlling how messages appeared on a recipient’s device, they could send malicious messages that looked like they came from trusted departments or senior staff. The tactic exploited people’s instinct to respond quickly to authority or urgent requests.

• Display Name Forgery in Private Chats: By changing metadata like the conversation topic, attackers could manipulate how display names appeared in one-on-one chats. This applied internally as well as across tenants with guest users, greatly widening the opportunity for impersonation.

• Caller ID Spoofing in Video and Voice Calls: The most serious flaw allowed attackers to forge caller identities during live audio or video calls. They could pose as trusted personnel during sensitive conversations, increasing the risk of stolen information or fraudulent requests.

• Coordinated Disclosure and Patching Timeline: Check Point disclosed the vulnerabilities to Microsoft on March 23, 2024. Microsoft released patches in stages, fixing the message editing bug in May, display name manipulation in July, spoofed notifications in September, and the caller ID issue by October 2025. CVE-2024-38197 covers the notification spoofing flaw affecting Teams on iOS, Android, and web. All updates were applied automatically with no action needed from users.

Go Deeper -> Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed – The Hacker News

Critical Microsoft Teams Flaw Lets Hackers Manipulate Messages and Notifications – Cyber Press