Microsoft Teams vulnerability fixed that allowed a GIF to hijack people's accounts
A now-patched vulnerability in Microsoft Teams could have been used to access people's data.
What you need to know
- Microsoft fixed a vulnerability in Microsoft Teams that could have been used to access user data.
- The vulnerability could have been exploited with a malicious GIF or link.
- Microsoft worked with CyberArk to fix the issue.
A vulnerability in Microsoft Teams has been fixed, protecting people from malicious links and GIFs that could have been used to access their data (via Neowin). The vulnerability was discovered by CyberArk, which worked with Microsoft to fix the issue. The security flaw was present in both the desktop and web browser versions of Microsoft Teams.
Taking advantage of the vulnerability would require a sophisticated form of attack. To access someone's data, an attacker would have had to create and share a malicious link or GIF that someone opened within Microsoft Teams. Notably, a link would have had to be opened, whereas a GIF would just need to be viewed within the communication app. Opening the malicious content within Teams would then send an authentication token to a server controlled by the attacker. Using that data, an attacker could read people's messages, send messages pretending to be a person, create groups, and control the Teams account in several other ways.
An attacker could automate the process and send attacks that would work their way through an entire organization. Here is a portion of CyberArk's conclusions about the vulnerability:
A Microsoft spokesperson told SecurityWeek, "We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe."
The attack relies on an attacker taking over subdomains that are vulnerable to hijacking. CyberArk found two such subdomains that could have been used in an attack, but Microsoft states that they can no longer be exploited.
CyberArk told SecurityWeek that it believes the same attack tactics could still work if someone found another subdomain that could be hijacked, though CyberArk added that this is not an easy task.
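Why a hijacked sibling subdomain is enough to receive the token, as an added example that is not from the article, CyberArk or Microsoft: Python's http.cookiejar applies the same domain-matching rules a browser does, so a session cookie scoped to the parent domain is attached to an image request on any subdomain, while a host-only cookie is not. The hostnames, cookie name and token value below are constructed placeholders.

```python
# Added example (not from the article, CyberArk or Microsoft): shows why a token
# cookie scoped to a parent domain is sent along with an image fetched from a
# sibling subdomain. Hosts, cookie name and token value are constructed placeholders.
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

ISSUER = "https://chat.example.com/"            # hypothetical host that sets the session token
SIBLING = "https://media.example.com/cat.gif"   # hypothetical sibling subdomain an attacker could take over
TOKEN = "sessiontoken=CONSTRUCTED_TOKEN_VALUE"  # constructed placeholder, not a real token


class _FakeResponse:
    """Minimal stand-in for an HTTP response so CookieJar can parse Set-Cookie offline."""

    def __init__(self, set_cookie_headers):
        self._msg = Message()
        for header in set_cookie_headers:
            self._msg["Set-Cookie"] = header

    def info(self):
        return self._msg


def cookie_sent_to(set_cookie_header, target_url):
    """Store a cookie issued by ISSUER, then return the Cookie header a browser-like
    client would attach when fetching target_url (None if nothing is sent)."""
    jar = CookieJar()
    jar.extract_cookies(_FakeResponse([set_cookie_header]), Request(ISSUER))
    req = Request(target_url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def token_leaks_to_sibling(domain_attribute):
    """True when a token scoped with the given Domain attribute (None = host-only)
    is attached to an image request on the sibling subdomain."""
    attrs = ["Path=/", "Secure", "HttpOnly"]
    if domain_attribute:
        attrs.insert(0, f"Domain={domain_attribute}")
    header = "; ".join([TOKEN] + attrs)
    return cookie_sent_to(header, SIBLING) is not None


if __name__ == "__main__":
    # Parent-domain scope: the token rides along to media.example.com (True).
    print("Domain=example.com -> sent to sibling:", token_leaks_to_sibling("example.com"))
    # Host-only scope: only chat.example.com ever receives it (False).
    print("host-only cookie   -> sent to sibling:", token_leaks_to_sibling(None))
```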
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.