The Bottom Line: A security vulnerability in Exchange Online allows email sender spoofing under certain conditions, facilitating phishing and social engineering attacks.
In Exchange Online, a security vulnerability can be exploited to manipulate the sender address and send forged emails. Not all enterprise customers are equally affected.
The “Ghost-Sender” scenario in Exchange Online is a security vulnerability that, under certain conditions, allows attackers to send emails with forged sender addresses. The system passes these emails along without performing sufficient authentication checks.
The scope of affected organizations varies with their configuration. Not all of Microsoft’s enterprise customers are equally affected: how vulnerable an environment is to this attack depends on its specific security settings and authentication policies. Security testing services now offer assessments that measure the exposure of an Exchange Online environment and map out concrete risks.
For CISOs, this vulnerability poses an elevated risk for phishing campaigns and social engineering attacks, as attackers can send emails that appear to come from trusted senders. A timely review of your own Exchange Online configuration and authentication mechanisms should be a priority.
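As an added, defender-side illustration (not code from the heise.de article, from Microsoft, or from any security testing service), the following Python script applies the kind of sender authentication check the article says is missing: it parses a message's Authentication-Results and From headers and reports whether the visible From: domain is covered by an aligned SPF or DKIM pass, in the style of DMARC relaxed alignment. All header values and domains are constructed sample data, and the organizational-domain rule is a simplified two-label approximation rather than the Public Suffix List.

```python
"""Sender-alignment triage: does the authenticated identity cover the visible From: domain?

Added example; not code from the article or from Microsoft. Applies a DMARC-style
relaxed alignment rule (RFC 7489) to constructed sample messages.
"""
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluators consult the Public Suffix List; this toy rule is enough for
    # example.com-style names used below.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def aligned(a: str, b: str) -> bool:
    """Relaxed alignment: same organizational domain."""
    return org_domain(a) == org_domain(b)


def parse_auth_results(value: str) -> dict:
    """Extract spf/dkim results and the domain each one authenticated.

    Returns {'spf': (result, domain), 'dkim': (result, domain)}; only the
    fields needed for the alignment check are parsed.
    """
    out = {}
    for clause in value.split(";")[1:]:  # first clause is the authserv-id
        clause = clause.strip()
        m = re.match(r"(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, result = m.group(1), m.group(2).lower()
        if method == "spf":
            # envelope sender (MAIL FROM) domain, with an optional local part
            dm = re.search(r"smtp\.mailfrom=(?:[^@\s]+@)?([\w.-]+)", clause)
        else:
            dm = re.search(r"header\.d=([\w.-]+)", clause)
        out[method] = (result, dm.group(1) if dm else "")
    return out


def evaluate(raw: str) -> dict:
    """Decide whether the From: domain is backed by an aligned SPF or DKIM pass."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ar = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_res, spf_dom = ar.get("spf", ("none", ""))
    dkim_res, dkim_dom = ar.get("dkim", ("none", ""))
    spf_aligned = spf_res == "pass" and bool(spf_dom) and aligned(spf_dom, from_domain)
    dkim_aligned = dkim_res == "pass" and bool(dkim_dom) and aligned(dkim_dom, from_domain)
    return {
        "subject": msg.get("Subject", ""),
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


def flag_unaligned(messages: list) -> list:
    """Return the subjects of messages whose From: domain is not authenticated."""
    return [r["subject"] for r in map(evaluate, messages) if not r["dmarc_pass"]]


# Constructed sample messages (not real traffic). Domains are placeholders.
GOOD = """Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@mail.example.com; dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: bob@example.net
Subject: Quarterly numbers

Hi Bob
"""

FORWARDED = """Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=alice@example.com; dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: bob@example.net
Subject: Re: Quarterly numbers

Forwarded via a mailing list; SPF breaks, DKIM still aligns
"""

UNALIGNED = """Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=sender@unrelated.test; dkim=none
From: CEO <ceo@example.com>
To: bob@example.net
Subject: Urgent wire transfer

SPF passes for unrelated.test, but nothing authenticates example.com
"""

if __name__ == "__main__":
    for raw in (GOOD, FORWARDED, UNALIGNED):
        print(evaluate(raw))
    print("needs review:", flag_unaligned([GOOD, FORWARDED, UNALIGNED]))
```

The point of the alignment rule is that an SPF pass on its own proves nothing about the address the recipient sees: the third sample passes SPF for an unrelated envelope domain while the From: header claims example.com, which is exactly the gap a sender-spoofing scenario exploits. Feeding real messages through `evaluate` (after confirming your gateway stamps a trustworthy Authentication-Results header) is one way to measure how many inbound messages would reach users without an aligned authentication result.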
Source: www.heise.de · Published June 10, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.