In recent weeks we have heard a lot about numerous vulnerabilities in the Zoom application. Now, for a change, one was found in Microsoft Teams. CyberArk, a cybersecurity company, discovered a vulnerability that allowed an attacker to extract user data and take over all company accounts in Teams with a crafted GIF. Once a user saw the nasty GIF, it automatically began to spread across the network.
“One of the biggest and the scariest things about this vulnerability is that it can be spread automatically, similar to a worm virus. The fact that the victim only needs to see the crafted message to be impacted is a nightmare from a security perspective. Every account that could have been impacted by this vulnerability could also be a spreading point to all other company accounts. The GIF could also be sent to groups (a.k.a Teams), which makes it even easier for an attacker to get control over users faster and with fewer steps.” (CyberArk)
The fix for Microsoft Teams is already here
Fortunately, CyberArk reported the vulnerability to the Microsoft Security Research Center last month. Microsoft has just released an update that patches the security hole in Teams, so now the popular communicator is safe to use again. Microsoft’s spokesperson commented via email: “We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe.”