Trust alone isn’t a security strategy. That’s the key lesson from new research by Check Point Research, which uncovered multiple vulnerabilities in Microsoft Teams that could allow attackers to impersonate executives, manipulate messages, and spoof notifications.
With more than 320 million monthly active users, Microsoft Teams has become the backbone of modern workplace communication. From boardroom meetings to quick one-to-one chats, it powers the daily interactions of enterprises, small businesses, and governments worldwide. But Check Point Research’s latest findings show how attackers can twist the very trust mechanisms that make Teams effective, turning collaboration into an attack vector.
Join our upcoming webinar with Check Point leaders to explore the research in depth, understand the evolving threat landscape, and learn how layered defenses can protect your organization.
https://pages.checkpoint.com/2025-nov-ww-critical-microsoft-teams-vulnerabilities-uncovered.html
The Rise of Collaboration as an Attack Surface
Over the past decade, attackers have relentlessly targeted email, exploiting its role as the default business communication tool. Today, we are seeing the same playbook applied to collaboration apps. Platforms like Microsoft Teams, Slack, and Zoom are not just productivity enablers—they are becoming critical business infrastructure.
That shift has drawn the attention of sophisticated threat actors. Advanced persistent threat (APT) groups and financially motivated cyber criminals alike recognize that if they can manipulate what people see and believe inside these platforms, they can bypass traditional defenses. Social engineering thrives in environments of trust—and collaboration apps are built on trust.
The vulnerabilities uncovered in Microsoft Teams are not isolated. They represent a larger trend: attackers exploiting the assumptions users make when communicating through familiar, trusted channels.
What We Found
Check Point Research conducted an in-depth examination of Microsoft Teams, focusing on both external guests and malicious insiders. The results were striking: multiple flaws that allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications.
Here’s what we uncovered:
- Invisible Message Editing
By reusing unique identifiers in the Teams messaging system, attackers could alter the content of previously sent messages—without triggering the standard “Edited” label. The result: a silent rewrite of history. Sensitive conversations could be modified after the fact, eroding confidence in records and decisions.
- Spoofed Notifications
Notifications, whether on mobile or desktop, are designed to capture immediate attention. Check Point Research found that attackers could manipulate notification fields so that an alert appears to come from a trusted executive or colleague.
- Altering Display Names via Conversation Topics in Private Chats
We identified a vulnerability that allows an attacker to change the displayed name in private chat conversations by modifying the conversation topic. Both participants see the altered topic as the conversation name, potentially misleading them about the conversation’s context.
- Forged Caller Identity in Video/Audio Calls
We discovered that the display name used in call notifications (and later during the call itself) could be arbitrarily modified through specific manipulations of call initiation requests. This flaw allows an attacker to forge the caller identity, presenting any chosen name to the call recipient.
Microsoft has updated Teams to fix these flaws, and no action is required from users. Taken together, though, these flaws strike at the heart of digital trust. The risks go far beyond nuisance: they enable executive impersonation, financial fraud, malware delivery, misinformation campaigns, and disruption of sensitive communications.
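The findings above suggest two integrity checks a defender can run over an independently archived message journal, shown here as an added example that is not Check Point's or Microsoft's code: flag a reused message identifier whose body changed without an edit marker, and flag a displayed sender name that disagrees with the directory entry for the sending account. The journal schema, field names and sample records are constructed assumptions, not the Teams message format.

```python
import hashlib

# Constructed directory and event journal; field names are hypothetical,
# not the Teams wire format or any Microsoft API schema.
DIRECTORY = {"u-100": "Dana Reyes (CFO)", "u-207": "Sam Ortiz"}

EVENTS = [
    {"msg_id": "m-1", "sender_id": "u-100", "display_name": "Dana Reyes (CFO)",
     "body": "Budget review moved to Friday.", "edited": False},
    {"msg_id": "m-2", "sender_id": "u-207", "display_name": "Sam Ortiz",
     "body": "Invoice 4471 is approved for 1,200 USD.", "edited": False},
    # Same id, new body, no edit marker: the silent rewrite described above.
    {"msg_id": "m-2", "sender_id": "u-207", "display_name": "Sam Ortiz",
     "body": "Invoice 4471 is approved for 91,200 USD.", "edited": False},
    # Legitimate edit: same id, new body, edit marker present.
    {"msg_id": "m-1", "sender_id": "u-100", "display_name": "Dana Reyes (CFO)",
     "body": "Budget review moved to Monday.", "edited": True},
    # Displayed name does not match the directory entry for the account.
    {"msg_id": "m-3", "sender_id": "u-207", "display_name": "Dana Reyes (CFO)",
     "body": "Please call me back urgently.", "edited": False},
]

def _digest(body):
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def audit(events, directory):
    """Return (kind, msg_id) findings for trust-signal anomalies."""
    findings = []
    last_seen = {}  # msg_id -> digest of the most recent body we archived
    for ev in events:
        expected = directory.get(ev["sender_id"])
        if expected is None:
            findings.append(("unknown_sender", ev["msg_id"]))
        elif ev["display_name"].strip().casefold() != expected.casefold():
            findings.append(("display_name_mismatch", ev["msg_id"]))
        digest = _digest(ev["body"])
        prior = last_seen.get(ev["msg_id"])
        # Content changed under an existing id with no edit marker set.
        if prior is not None and prior != digest and not ev["edited"]:
            findings.append(("silent_rewrite", ev["msg_id"]))
        last_seen[ev["msg_id"]] = digest
    return findings

if __name__ == "__main__":
    for kind, msg_id in audit(EVENTS, DIRECTORY):
        print(f"{kind}: {msg_id}")
```

The check only works if the journal is captured outside the client being audited, since the point of the findings is that the client's own display cannot be taken at face value.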
Disclosure and Remediation
Check Point Research responsibly disclosed the vulnerabilities to Microsoft on March 23, 2024, and Microsoft then labelled them CVE-2024-38197. Microsoft investigated the issues and rolled out a series of fixes throughout 2024, with the final fix, for video and audio calls, arriving at the end of October 2025.
Why This Matters Now
The Microsoft Teams vulnerabilities are a case study in a broader issue: collaboration platforms are becoming the new battleground. Just as email became the preferred entry point for phishing and business email compromise (BEC), workplace apps now provide fertile ground for manipulation.
Unlike technical exploits that rely on breaking encryption or bypassing firewalls, these attacks work by subverting trust signals. A notification, a display name, a quoted message—all of these are subtle cues employees rely on to know who they’re talking to and what was said. If attackers can bend those cues, they can bend decision-making itself.
Beyond Teams: A Systemic Issue
While Microsoft has patched the specific Teams vulnerabilities, our research underscores that this is not just about one platform. Attackers are increasingly targeting collaboration and workspace apps, from mainstream tools to emerging AI-driven assistants.
Check Point Research has already identified flaws in other platforms, including AI coding assistants and workflow automation tools. The pattern is clear: wherever trust-based interactions happen digitally, attackers will probe for weaknesses.
The Path Forward: Layered Defense
The takeaway for organizations is clear: trust alone isn’t enough. Native defenses within collaboration apps, while important, were designed primarily for usability and productivity—not advanced threat prevention.
Check Point advocates for a layered security model that includes:
- Malware & file protection: Stopping malicious files, links, and payloads shared through collaboration tools.
- Data loss prevention (DLP): Safeguarding sensitive business assets as they move through chat, file sharing, and links.
- Threat detection & response: Monitoring for anomalies such as spoofed sessions or unusual behavior.
- Unified protection across apps: Extending security beyond Teams to cover email, browsers, and other collaboration platforms.
By adding this second layer of defense, organizations can ensure that their data and operations remain secure even if trust inside a platform is manipulated.
Looking Ahead
The vulnerabilities uncovered in Microsoft Teams should serve as a wake-up call. Attackers are no longer just breaking into systems; they are breaking into conversations. As collaboration becomes the lifeblood of business, defenders must prepare for a world where seeing is not believing.
At Check Point Research, we believe transparency and collaboration are key. That’s why we publish our findings and work closely with vendors like Microsoft to drive fixes. But equally, we believe organizations must recognize the limits of trust in digital platforms and adopt layered defenses that account for human psychology as much as technical flaws.
Join the Conversation
Check Point Research’s findings highlight a simple truth: collaboration platforms power modern work—but trust alone isn’t enough.
