Max Corbridge and Tom Ellson from JUMPSEC, a reputable security analysis firm have made a significant discovery regarding a critical vulnerability present in the most recent release of Microsoft Teams.
This vulnerability poses a grave risk, enabling hackers to bypass client security controls, gain unauthorized access to other teams, and propagate malicious programs containing Trojan horse viruses.
The team at JUMPSEC identified a flaw in the system’s logic, allowing them to exploit it and bypass security controls within a remarkably short timeframe of just 10 minutes. This exploit facilitated the transmission of a harmful program to users in different organizations, exacerbating the potential damage caused by this vulnerability.
Although Microsoft has acknowledged the existence of this vulnerability, the company is yet to announce any temporary workarounds. In the interim, JUMPSEC strongly advises Microsoft Teams users to take immediate measures to safeguard themselves.
By disabling specific options within the settings, users can mitigate the risk of hackers exploiting this vulnerability and transmitting malicious programs to their teams.
With the potential for unauthorized access to sensitive data, organizations and their users face substantial risks. Given the widespread adoption of Microsoft Teams by both large and small organizations for critical operations, the platform becomes an attractive target for hackers. The delay on Microsoft’s part in addressing this issue raises concerns, as it exposes countless users to potential cyberattacks.
