Microsoft Teams Vulnerability Could Have Let Attackers Compromise Accounts Using Links, GIFs

Microsoft Teams has become a popular and useful tool for organisations working remotely, especially during the ongoing coronavirus outbreak. It offers a list of features meant to win professionals over from alternatives such as Slack and Google Hangouts Meet. However, security researchers have found a vulnerability in Microsoft Teams that could have let attackers compromise professional accounts simply by using specially crafted links and even some witty GIFs. The Redmond company has acknowledged the flaw and fixed it before it could cause widespread harm.

The vulnerability existed in the way Microsoft Teams passes the authentication access token to image resources, as explained by researchers at information security firm CyberArk. An attacker could have exploited that loophole to craft a link or GIF file that, when processed by Microsoft Teams, sends an authentication token to a third-party server.

The token is delivered to the server, which is controlled by the attacker, once a user clicks on the malicious link. In the case of a GIF file, however, it can be sent from the Teams account simply by viewing the specially crafted GIF image.

After receiving the authentication token, the researchers noted, the attacker could take advantage of it and ultimately take over the victim's account using the Teams API interfaces. The flaw could also give the attacker access to read the messages received by the affected user and even send messages on their behalf. Similarly, the researchers said the vulnerability could spread automatically from one account to all the connected accounts of an organisation using Microsoft Teams.

“The GIF could be sent to groups (aka Teams), which makes it even easier for an attacker to get control over users faster and with fewer steps,” the researchers wrote in a blog post.

A proof-of-concept (PoC) has also been developed by the researchers to show the scope of the flaw.

Having said that, the access token could only let the attackers acquire an account once it was sent to a particular subdomain under teams.microsoft.com. This means the attacker would need to compromise that subdomain in order to gain backdoor access to the victim's account.
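The point above is about credential scoping: the client attached its token to image requests for any host under a trusted parent domain, so a single compromised subdomain was enough to receive it. The following added example (written for this article; it is not CyberArk's PoC, not Microsoft's client code, and uses constructed hostnames, log lines and a made-up log format) contrasts that wildcard-subdomain policy with an explicit host allowlist, and runs both over a few constructed proxy log lines to show which hosts would have received a token under each policy.

```python
"""
Credential scoping check: should a bearer token be attached to a request for
an image resource at a given host?  Contrasts a wildcard-subdomain policy
(any host under a trusted parent domain receives the token) with an explicit
host allowlist.  All subdomain names, log lines and the log format below are
constructed for illustration; they are not real Teams endpoints or traffic.
"""
from urllib.parse import urlsplit

# Parent domain the client trusts (taken from the article). The subdomain
# names used elsewhere in this file are made up.
TRUSTED_PARENT = "teams.microsoft.com"

# Hypothetical explicit allowlist of hosts that legitimately need the token.
STRICT_ALLOWLIST = frozenset({
    "teams.microsoft.com",
    "api.teams.microsoft.com",  # constructed name, not a real endpoint
})


def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL (no port, no userinfo)."""
    host = urlsplit(url).hostname
    return host.lower() if host else ""


def wildcard_policy(url: str) -> bool:
    """Weak policy: attach the token to any host under the trusted parent.

    Proper suffix matching (a leading dot) keeps look-alike registrable
    domains out, but a subdomain that has been taken over still matches,
    so it receives the token.
    """
    host = host_of(url)
    return host == TRUSTED_PARENT or host.endswith("." + TRUSTED_PARENT)


def strict_policy(url: str) -> bool:
    """Hardened policy: only explicitly listed hosts receive the token."""
    return host_of(url) in STRICT_ALLOWLIST


def audit_log(lines, policy):
    """Return hosts from proxy-style log lines that would receive the token
    under `policy` but are NOT on the explicit allowlist.

    Each line is '<timestamp> <method> <url> <status>' (constructed format).
    Malformed lines are skipped rather than aborting the audit.
    """
    leaks = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        url = parts[2]
        host = host_of(url)
        if policy(url) and host not in STRICT_ALLOWLIST:
            leaks.append(host)
    return leaks


# Constructed sample log: one legitimate host, one allowlisted API host, one
# made-up unclaimed subdomain, one third-party CDN, one look-alike domain,
# and one malformed line.
SAMPLE_LOG = [
    "2020-04-27T10:00:01Z GET https://teams.microsoft.com/img/avatar.png 200",
    "2020-04-27T10:00:02Z GET https://api.teams.microsoft.com/v1/img/1.gif 200",
    "2020-04-27T10:00:03Z GET https://unclaimed-subdomain.teams.microsoft.com/cat.gif 200",
    "2020-04-27T10:00:04Z GET https://cdn.example.net/cat.gif 200",
    "2020-04-27T10:00:05Z GET https://teams.microsoft.com.attacker-example.net/x.gif 200",
    "garbage line",
]

if __name__ == "__main__":
    print("wildcard policy leaks to:", audit_log(SAMPLE_LOG, wildcard_policy))
    print("strict policy leaks to:  ", audit_log(SAMPLE_LOG, strict_policy))
```

Under the wildcard policy the constructed unclaimed subdomain receives the token, while the look-alike domain does not (the suffix check includes the dot); under the strict policy nothing outside the allowlist does. The same `audit_log` shape can be run over real proxy logs to list every host a client actually sent credentials to, which is the inventory a defender needs before deciding which subdomains truly require the token.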

Microsoft addresses the flaw
At the time of their testing, the researchers at CyberArk were able to find only two subdomains that allowed takeover using the access token. It is, however, unclear whether the flaw could be exploited using other subdomains. Nevertheless, cyber-security focussed site SecurityWeek reports that Microsoft has ensured that the subdomains identified by the researchers can no longer be used for exploitation. A statement has also been released by the company confirming the fix of the vulnerability.

“We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe,” a Microsoft spokesperson said, as quoted by SecurityWeek.

Coronavirus spread helped Teams reach new users
Although Microsoft Teams has been a strong competitor to professional communication platform Slack since its launch for Office 365 customers back in March 2017, it gained huge popularity during the coronavirus outbreak as numerous people started working from home to limit the pandemic's spread. The app added over 1.2 crore daily users in a single week last month, marking a 37.5 percent jump. It has over 4.4 crore users worldwide, with more than 2.4 crore users added since November.

The outbreak hasn't just helped Microsoft Teams but also apps such as Zoom that were not very popular among the public in the past.
