Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more
Security researcher Oskars Vegeris has revealed a wormable exploit for Microsoft Teams, which would exploit the chat client by only viewing a message, without any user interaction.
The result is a “complete loss of confidentiality and integrity for end-users — access to private chats, files, internal network, private keys and personal data outside MS Teams,” Vegeris said.
The exploit is also cross-platform, affecting Windows, Mac, Linux and even the web app.
Fortunately for Teams users, Vegeris discovered the flaw in August, and Microsoft released a patch not long after at the end of October 2020.
Vegeris had also earlier disclosed a critical “wormable” flaw in Slack’s desktop version that could have allowed an attacker to take over the system by simply sending a malicious file to another Slack user.