Wormable, Zero-Click Vulnerability in Microsoft Teams
2020-12-07 19:45

Security researcher Oskars Vegeris has published documentation on a wormable, cross-platform vulnerability in Microsoft Teams that could allow malicious hackers to carry out invisible attacks.

Microsoft.com' domain could be abused to trigger a remote code execution flaw in the Microsoft Teams desktop application.

He said an attacker could abuse the XSS flaw to obtain SSO authorization tokens for Teams or other Microsoft services, or to access confidential conversations and files from the communications service.

He said Microsoft took the Teams desktop clients "out of scope" and told the researcher it wouldn't issue a CVE number for the flaw, because vulnerabilities in Microsoft Teams are fixed via automatic updates.

Affected products include Microsoft Teams for macOS v 1.3.00.23764, Windows v 1.3.00.21759, and Linux v 1.3.00.16851.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/b8wMsOdQSHM/wormable-zero-click-vulnerability-microsoft-teams

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 724 806 4712 4720 3646 13884