Zero day vulnerability found in Microsoft Teams

Researcher finds cyber security vulnerability which could enable cyber attackers to take control of users’ accounts

A researcher at security firm, Tenable, found the vulnerability this week and revealed the find in a company blog. Evan Grant, who works in the firm’s Zero-Day team, found that the flaw could allow an attacker to gain access to a victim’s chat history, the ability to read and send emails on the victim’s behalf and access files in their OneDrive storage.

The rise of remote access and why flaws matter

The susceptibility, which has now been patched by Microsoft, would affect enterprise users of the company’s software. Use of Teams has for obvious reasons gained much traction over the last 18 months and has acquired millions of new users - in fact, the company has said it now has more than 100 million users, although that figure would also use regular consumers of its software.

Grant said he thought the particular vulnerability could be leveraged by threat actors in a variety of different scenarios. This includes the reading of team chats, sending emails and messages as if from another trusted user and even accessing, downloading or tampering with files. He stressed that such vulnerabilities reveal the potential threat posed by platforms like Teams, especially those most trusted.

Server security and validation

This one in particular came through the PowerApps service Microsoft offers businesses, enabling them to create business-specific use cases on its products, like Teams, Excel and others. What could be exploited is the lack of URL verification in PowerApps to attack a company’s users. The vulnerability was serious because it is amplified by the permissions granted to Microsoft Power Apps within Teams, which enables hackers to take control of any users accessing the malicious tab.

This flaw was what is known as a ‘server-side vulnerability’ in cyber security-speak. They exist on the servers which power Microsoft’s apps, software and services and can be fixed by organisations without user action, but system administrators may still need to recheck their systems possible exploitations.

The problem arose because Microsoft teams has a default feature allowing users to launch applications as a tab within any team they belong to. Organisations using Office 365 or Teams with a Business Basic licence or higher can als launch Microsoft Power Apps within the tab. Tenable discovered that content loaded into the Power Apps was governed by ‘an improperly anchored regular expression,’ meaning the validation mechanism doesn’t properly confirm the content comes from a trusted source, which then opens the gateway to attackers.

 

Image source

Share

Featured Articles

6G: Predictions for the network of the future

With cloud-based technology enabling higher speeds and microsecond latency, experts predict 6G will transform the world. The next generation is coming

Blockchain in space could take tokens and NFTs into orbit

SpaceChain says its latest mission to the International Space Station via a SpaceX rocket blazes a trail for off-planet, high-speed blockchain processing

ICYMI: Top 10 DevSecOps tools and cut-price animal robots

A week is a long time in tech, so here are some of Technology Magazine’s most popular articles which have been starting conversations around the world

Altered Egos: Digital twins hold up a mirror for machines

Digital Transformation

Blockchain technology puts paid to US energy data attacks

Cloud & Cybersecurity

Cybersecurity response costs up in light of new cloud risks

Cloud & Cybersecurity