In the past few weeks, we have reported on several serious security vulnerabilities in Zoom. For a change, a new serious security vulnerability in Microsoft Teams was revealed today. Security firm CyberArk found this subdomain takeover issue in Teams. Using this vulnerability, attackers can use a malicious GIF to scrape users' data and then use that data to take over all of an organization's Teams accounts. Once an employee merely views the malicious GIF image, it starts spreading automatically through the network.
One of the biggest and scariest things about this vulnerability is that it can spread automatically, similar to a worm. The fact that the victim only needs to see the crafted message to be impacted is a nightmare from a security perspective. Every account impacted by this vulnerability could also become a spreading point to all other company accounts. The GIF could also be sent to groups (a.k.a. Teams), which makes it even easier for an attacker to gain control over users faster and with fewer steps.
CyberArk reported the issue to the Microsoft Security Research Center last month. The Microsoft Teams team has now released an update to fix this vulnerability.