The new technique, shared with Bleeping Computer on Thursday, exploits multiple vulnerabilities and flaws within Microsoft Teams, allowing external users to send embedded attachments to users by bypassing Microsoft's security controls, a big concern for businesses worried about cybersecurity. Some of the flaws, discovered by Bobby Rauch in his investigation, mean attackers could modify sent attachments in Microsoft Teams, causing users to download malicious files from external URLs rather than the link or file intended, leaving more businesses vulnerable. Here's what you need to know, and how it works.

The modified GIFs are selectively sent to targeted users and include commands to retrieve information from a device. The information is then sent to the Microsoft Teams logs folder, where it is monitored and automatically extracted by the malicious stager, giving attackers access to all coded commands, including user login information.

While Microsoft doesn't allow external users to send attachments to other tenants, Rauch's research revealed that images, and the SharePoint link embedded in a JSON POST, can be modified to include any external link an attacker wants, including Windows URIs, which can automatically launch an application to retrieve a document, bypassing Microsoft Teams' security

Rauch, however, argued that a response should be more immediate, citing vulnerabilities like the fact that Microsoft Teams runs as a background process, which means attackers will be able to execute commands without the program even needing to be opened.

In comparison to other brands on the market, Microsoft Teams is still a top choice. With regular updates, you'll be able to ensure your system is as secure as it can be, but if you're interested in other software, there are plenty of choices out there.
For greater ease of use, we'd recommend Zoom or Google Meet, as they offer great audio and video quality and integrate with the majority of other platforms, but if you're not deterred, MS Teams is still a good option.
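A defender-side check for the attachment-link substitution described above, as an added example that is not from the original article or from Rauch's research: it walks a message's JSON body and flags every link that is not an https SharePoint URL, including non-web URI schemes that would be handed to a local application. The JSON field names, the `.sharepoint.com` allowlist and the sample values are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumption: legitimate attachment links are https URLs on a SharePoint host.
ALLOWED_HOST_SUFFIXES = (".sharepoint.com",)

def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string in a decoded JSON body."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def classify_link(value):
    """Return None for non-links, else 'allowed', 'external' or 'uri-handler'."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return None
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "external"  # unparsable authority: treat as untrusted
    scheme = parts.scheme.lower()
    if len(scheme) < 2 or not scheme[0].isalpha():
        return None  # plain text, drive letters, timestamps
    if scheme not in ("http", "https"):
        return "uri-handler"  # would be passed to a locally registered application
    if scheme == "https" and host.endswith(ALLOWED_HOST_SUFFIXES):
        return "allowed"
    return "external"

def audit_message(raw_body):
    """Return (json_path, verdict, value) for each link that is not allowed."""
    hits = ((p, classify_link(v), v) for p, v in iter_strings(json.loads(raw_body)))
    return [h for h in hits if h[1] in ("external", "uri-handler")]

# Constructed sample body; field names are illustrative, not the real Teams schema.
SAMPLE = json.dumps({"content": "Quarterly report attached", "files": [
    {"name": "report.docx", "link": "https://contoso.sharepoint.com/sites/fin/report.docx"},
    {"name": "report.docx", "link": "https://contoso.sharepoint.com.files.example/report.docx"},
    {"name": "report.docx", "link": "example-handler:open?doc=report"},
]})

if __name__ == "__main__":
    print(*audit_message(SAMPLE), sep="\n")
```

The second sample link shows why the check compares the parsed hostname suffix rather than searching the string for "sharepoint.com".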