Zero day vulnerability found in Microsoft Teams

Researcher finds cyber security vulnerability which could enable cyber attackers to take control of users’ accounts

A researcher at security firm, Tenable, found the vulnerability this week and revealed the find in a company blog. Evan Grant, who works in the firm’s Zero-Day team, found that the flaw could allow an attacker to gain access to a victim’s chat history, the ability to read and send emails on the victim’s behalf and access files in their OneDrive storage.

The rise of remote access and why flaws matter

The susceptibility, which has now been patched by Microsoft, would affect enterprise users of the company’s software. Use of Teams has for obvious reasons gained much traction over the last 18 months and has acquired millions of new users - in fact, the company has said it now has more than 100 million users, although that figure would also use regular consumers of its software.

Grant said he thought the particular vulnerability could be leveraged by threat actors in a variety of different scenarios. This includes the reading of team chats, sending emails and messages as if from another trusted user and even accessing, downloading or tampering with files. He stressed that such vulnerabilities reveal the potential threat posed by platforms like Teams, especially those most trusted.

Server security and validation

This one in particular came through the PowerApps service Microsoft offers businesses, enabling them to create business-specific use cases on its products, like Teams, Excel and others. What could be exploited is the lack of URL verification in PowerApps to attack a company’s users. The vulnerability was serious because it is amplified by the permissions granted to Microsoft Power Apps within Teams, which enables hackers to take control of any users accessing the malicious tab.

This flaw was what is known as a ‘server-side vulnerability’ in cyber security-speak. They exist on the servers which power Microsoft’s apps, software and services and can be fixed by organisations without user action, but system administrators may still need to recheck their systems possible exploitations.

The problem arose because Microsoft teams has a default feature allowing users to launch applications as a tab within any team they belong to. Organisations using Office 365 or Teams with a Business Basic licence or higher can als launch Microsoft Power Apps within the tab. Tenable discovered that content loaded into the Power Apps was governed by ‘an improperly anchored regular expression,’ meaning the validation mechanism doesn’t properly confirm the content comes from a trusted source, which then opens the gateway to attackers.


Image source


Featured Articles

The upcoming Tech Mahindra & Microsoft Cyber Security event

Join our exclusive roundtable with cybersecurity experts from Tech Mahindra and Microsoft. Gain insights, network, and stay ahead of evolving threats

IBM to build its first European quantum data centre

IBM Quantum announcements will allow European cloud region users to provision quantum systems and process data within the EU

Cisco delivers first app for hybrid work to Audi vehicles

Webex will be the first collaboration app to come to select Audi vehicles, equipping vehicles with Meetings capabilities for seamless collaboration

How digital twins unlock enterprises’ sustainability efforts

Enterprise IT

Avast: Cybercriminals use common apps to lure victims

Cloud & Cybersecurity

World Password Day: Study shows enthusiasm for passwordless

Cloud & Cybersecurity