We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit
2020-04-27 08:20

A vulnerability existed in Microsoft's Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim.

The rest of the Teams vuln was patched last Monday, 20 April.

"If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim's browser will send this cookie to the attacker's server, and the attacker can create a Skype token. After doing all of this, the attacker can steal the victim's Teams account data," said the research outfit.

From here it was straightforward to create a malicious GIF file that could be sent in a Teams message.

El Reg analysed Teams in detail earlier this month from a business usability perspective after new features were added.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/27/microsoft_teams_gif_pwn_patch/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 665 798 4412 4095 3689 12994