Site icon WinCert

Microsoft Teams has serious security issues

<p>Security researchers from <a href&equals;"https&colon;&sol;&sol;positive&period;security&sol;" target&equals;"&lowbar;blank" rel&equals;"noopener">Positive Security<&sol;a> have discovered four vulnerabilities in Microsoft Teams app that could possibly be exploited by attackers&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-4335" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2021&sol;09&sol;hacker-6512174&lowbar;640&period;jpg" alt&equals;"" width&equals;"640" height&equals;"400" &sol;><&sol;p>&NewLine;<p>These vulnerabilities allow spoofing the link previews and even access to internal Microsoft services&period; Additionally&comma; for Android users&comma; this vulnerability could leak IP addresses and DoS attacks to their Teams channels&period;<&sol;p>&NewLine;<p>Two of the bugs found can be used on any device and allow spoofing and SSRF or server-side request forgery&comma; while the other two can only affect Android smartphones which can be exploited to leak IP addresses for DOS or Denial of Service attacks&period;<&sol;p>&NewLine;<p>Once the SSRF vulnerability was exploited&comma; the researchers were able to leak information from Microsoft&&num;8217&semi;s local network while the spoofing bug could be used to improve phishing attacks or to hide the malicious links&period;<&sol;p>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;positive&period;security&sol;blog&sol;ms-teams-1-feature-4-vulns" target&equals;"&lowbar;blank" rel&equals;"noopener">These 4 separate discoveries<&sol;a> were reported to Microsoft back in March 2021 who has remediated only one vulnerability related to IP address leak in Teams on Android&period;<&sol;p>&NewLine;<p>Microsoft has told the researchers that the other 3 bugs don&&num;8217&semi;t pose an immediate threat to Teams users&period;<&sol;p>&NewLine;

Exit mobile version