Teams is prone to modern malware, new research shows
The vulnerability allows the bypassing of security controls.
Published on June 22, 2023
Recently, a study showed that over 80% of Microsoft Teams accounts were hacked at least one time in 2022. Even more worrying, the same study reported that 60% of Microsoft Teams accounts were successfully hacked. That is a worrying number, but just how easily can Microsoft Teams be hacked?
Well, it turns out Teams can be very easily hacked. New research conducted by JUMPSEC's Red Team discovered that Teams is actually prone to modern malware, and that external tenants can easily bring malware into Microsoft Teams as well.
How can this happen? There is a vulnerability in the latest version of Microsoft Teams. This vulnerability allows the malware to infiltrate any organization using Microsoft Teams in its default configuration.
The hacker can bypass the client-side security controls. These security controls prevent external tenants from sending files (malware in this case) to staff in your organization.
IDOR in Microsoft Teams allows for the introduction of malware
The exploitation is possible through a vulnerability in the client-side security controls. In Microsoft Teams, certain security controls can be implemented client-side.
So that means a hacker can impersonate an individual from your organization and, by bypassing these controls, send you malicious files. Coupled with another vulnerability, this allows the hacker to send malicious files directly into your inbox.
The research states that this method can bypass nearly all modern anti-phishing security controls. However, it requires the hacker to buy a domain similar to the target organization's and register it with M365.
But it impacts every organization using Teams in the default configuration, so this vulnerability has a huge potential for being exploited by threat actors.
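A toy model of the weakness described above, added here as an illustration and not taken from Microsoft Teams or the JUMPSEC research. The users, tenants and function names are all constructed; it compares a server that trusts a client-side file restriction with one that enforces the same rule itself and logs the rejection.

```python
from dataclasses import dataclass, field

# Constructed directory (user -> tenant); not real Teams data.
DIRECTORY = {
    "alice@corp.example": "corp",
    "bob@corp.example": "corp",
    "mallory@c0rp.example": "lookalike",   # look-alike external tenant
}

@dataclass
class Message:
    sender: str          # identity the server authenticated at sign-in
    recipient: str
    text: str
    attachments: list = field(default_factory=list)

def client_may_attach(sender: str, recipient: str) -> bool:
    """Client-side control: the UI offers file upload only inside one tenant.
    It constrains nobody who builds the request without the official client."""
    return DIRECTORY[sender] == DIRECTORY[recipient]

def server_trusting_client(msg: Message) -> bool:
    """Weak server: checks that both users exist and assumes the client
    already applied the file policy."""
    return msg.sender in DIRECTORY and msg.recipient in DIRECTORY

def server_enforcing(msg: Message, audit: list) -> bool:
    """Hardened server: derives both tenants from its own directory, applies
    the file policy itself, and records every rejected cross-tenant file."""
    s, r = DIRECTORY.get(msg.sender), DIRECTORY.get(msg.recipient)
    if s is None or r is None:
        return False
    if msg.attachments and s != r:
        # The official client never sends this, so it is a detection signal.
        audit.append(f"blocked file from tenant {s!r} to {msg.recipient}")
        return False
    return True

def demo() -> dict:
    audit = []
    crafted = Message("mallory@c0rp.example", "alice@corp.example", "invoice", ["invoice.zip"])
    internal = Message("bob@corp.example", "alice@corp.example", "notes", ["notes.docx"])
    chat = Message("mallory@c0rp.example", "alice@corp.example", "hello")
    return {
        "client_blocks": not client_may_attach(crafted.sender, crafted.recipient),
        "weak_accepts": server_trusting_client(crafted),
        "hardened": [server_enforcing(m, audit) for m in (crafted, internal, chat)],
        "audit": audit,
    }

if __name__ == "__main__":
    print(demo())
```

The rejected request also produces an audit entry, which gives defenders something to alert on when a restriction the client enforces is violated at the server.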
The vulnerability was acknowledged by Microsoft, and the Redmond-based tech giant even validated its legitimacy. However, the tech giant said it did not meet the bar for immediate servicing.
There are still things your organization can do to protect itself. According to the research, you can do the following:
As you can see, while Teams is a very popular app for organizations to use, it's also extremely vulnerable to attacks. However, since vulnerabilities like these are often patched in updates, you should also keep your Teams updated to the latest version at all times. You can read the research in full here.
What do you think about this vulnerability? Be sure to let us know in the comments section below.
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!