A security vulnerability in Exchange Online allows email sender spoofing under certain conditions, facilitating phishing and social engineering attacks.