Microsoft says it has resolved a security problem in Microsoft Teams in which an attacker could have taken over user accounts through a .GIF file.
Researchers from cybersecurity software firm CyberArk found that attackers could have used a malicious .GIF file to scrape a user’s data and ultimately take over an organization’s entire roster of Teams accounts.
This vulnerability had the potential to spread automatically, since users wouldn't have to share the file, just see it. It would have affected every user of the Teams desktop or web browser client.
“Even if an attacker doesn’t gather much information from a Teams’ account, they could still use the account to traverse throughout an organization (just like a worm),” CyberArk said in a blog post on the vulnerability. “Eventually, the attacker could access all the data from your organization’s Teams accounts – gathering confidential information, meetings and calendars information, competitive data, secrets, passwords, private information, business plans, etc.”
Read CyberArk’s blog for a more detailed description of how an attacker could use a malicious .GIF file to take over a user’s account.
Teams, like Zoom, Slack, GoToMeeting, WebEx and other videoconferencing and unified communication platforms, is experiencing a surge in usage due to government-imposed lockdowns to prevent the spread of COVID-19.
Platforms like Teams are helping organizations stay running and communicate with employees working from home.
However, attackers are seizing on the same opportunity and are looking for vulnerabilities in those platforms, since that’s where data is being transmitted these days.
Luckily, CyberArk worked with Microsoft’s security team and a fix was quickly issued.
In a statement to ZDNet, a Microsoft spokesperson said the company addressed the issue under Microsoft’s Coordinated Vulnerability Disclosure.
According to CyberArk, the firm notified Microsoft on March 20, and Microsoft corrected the misconfigured DNS records that same day. Microsoft issued a patch on April 20.
The technique described in CyberArk’s research was not detected in the wild, Microsoft says.
Cybercriminals are smart, and like a good salesman, they’ll meet their target where the target is. These days, that’s in applications like Teams and Zoom. Be vigilant, as the work-from-home threat landscape is still evolving.