• Home
  • Apps
  • Apps News
  • Microsoft Teams Vulnerability Could Have Let Attackers Compromise Accounts Using Links, GIFs

Microsoft Teams Vulnerability Could Have Let Attackers Compromise Accounts Using Links, GIFs

The vulnerability existed within the system through which Microsoft Teams passes the authentication access token.

Microsoft Teams Vulnerability Could Have Let Attackers Compromise Accounts Using Links, GIFs

Microsoft Teams has grown to over 4.4 users globally

  • Microsoft Teams uses subdomains that could be compromised by attackers
  • CyberArk researchers have found the flaw
  • Microsoft claims Teams has patched the loophole

Microsoft Teams has become a popular and useful source for organisations working remotely — especially at the time of the ongoing coronavirus outbreak. It offers a list of features to convince professionals over alternatives such as Slack and Google Hangouts Meet. However, some security researchers have found a vulnerability within Microsoft Teams that could let attackers compromise professional accounts simply using specially crafted links or even some witty GIFs. The Redmond company has acknowledged the flaw and fixed its existence to avoid any widespread outrage.

The vulnerability existed within the system through which Microsoft Teams passes the authentication access token to image resources, as explained by the researchers at information security firm CyberArk. An attacker could have exploited that loophole to develop a link or GIF file that once processed by Microsoft Teams sends an authentication token to a third-party server.

The token gets delivered to the server, which is in control of the attacker, once a user clicks on the malicious link. However, in case of a GIF file, it can be sent from the Teams account just by viewing the specially crafted GIF image.

After receiving the authentication token, the researchers noted that the attacker could take advantage and ultimately acquire the victim's account using the Teams API interfaces. The flaw could also give access to let the attacker read the messages received by the affected user or even send messages from their side. Similarly, the researchers have said that the vulnerability could be spread automatically from one account to all the connected accounts of a company using Microsoft Teams.

“The GIF could also be sent to groups (aka Teams), which makes it even easier for an attacker to get control over users faster and with fewer steps,” the researchers wrote in a blog post.

A proof-of-concept (PoC) has also been developed by the researchers to show the scope of the flaw.

Having said that, the access token could only enable the attackers to acquire an account once it is sent to a particular subdomain of the teams.microsoft.com directory. This means the attacker needs to compromise the subdomain in order to gain backdoor access to the victim's account.

Microsoft addresses the flaw
At the time of their testing, the researchers at CyberArk were able to find only two subdomains that were allowing takeover using the access token. It is, however, unclear whether the flaw can be exploited using other subdomains. Nevertheless, cyber-security focussed site SecurityWeek reports that Microsoft has ensured that the subdomains identified by the researchers couldn't be used for exploitation. A statement has also been released by the company confirming the fix of the vulnerability.

“We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe,” a Microsoft spokesperson said as quoted by SecurityWeek.

Coronavirus spread helped Teams reach new users
Although Microsoft Teams was a strong competitor against professional communication platform Slack since its launch for Office 365 customers back in March 2017, it gained huge popularity during the coronavirus outbreak as a large number of people started working from home to limit the pandemic's spread. The app added over 1.2 crore daily users in one week last month — marking a 37.5 percent jump. It has over 4.4 crore users worldwide with more than 2.4 crore users added since November.

The outbreak hasn't just helped Microsoft Teams but also apps such as Zoom that weren't much popular among the public in the past.

How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Microsoft Teams, Microsoft, Teams
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Nokia 6.2 Starts Receiving Android 10 Update in India With March 2020 Security Patch
BSNL Joins Airtel, Jio, Vodafone Idea to Offer Benefits for Recharging Other People’s Prepaid Accounts

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com