The cybersecurity company Vectra has discovered a dangerous vulnerability in the Microsoft Teams application, with which cybercriminals could attack and seize sensitive data and information relatively easily.
With the arrival of the pandemic, confinement and teleworking, Microsoft Teams has become a tool that millions of workers use every day and who have the app downloaded on their computers. For that reason, the app would be expected to have high levels of security and protection, however, the team at just discovered an easy-to-exploit vulnerability.
Specifically, it’s about how the Teams app stores credentials and handles disabled identities. The problem is that this Microsoft app is based on Electron technology, and while it is very useful for developers, it can happen (as in this case) that the application is too transparent.
Electron doesn’t support standard browser controls, which means it doesn’t use tools like encryption or protected file locations and requires them to be managed flawlessly to keep information secure.
The Vectra team decided to put the security of Teams to the test, and found that indeed the desktop app, due to the lack of these security controls to protect cookie data, created opportunities for hackers to modify SharePoint files. , Outlook mail and calendars, and Teams chat files.
This is not the only thing though, as attackers can also disrupt legitimate communications within an organization by destroying, exfiltrating, or participating in phishing attacks. And by not needing any type of credentials, these attacks can be carried out to any position in the company, so that from workers to directors they can be victims.
However, when Microsoft was notified of the vulnerability, it did not seem very concerned and does not believe that it is necessary to fix this vulnerability immediately. In the meantime, it is best that you use Microsoft Teams from the browser since this version is protected.
Facebook Comments
Disqus