Viewing a GIF in Microsoft Teams could trigger account hijacking bug

Microsoft has resolved security problems in Microsoft Teams that could have been used in an attack chain to take over user accounts -- all with the help of a .GIF file. 

On Monday, cybersecurity researchers from CyberArk said a subdomain takeover vulnerability, combined with a malicious .GIF file, could be used to "scrape a user's data and ultimately take over an organization's entire roster of Teams accounts."


The team says the security issues impact Microsoft Teams on desktop as well as the web browser version.


Microsoft's communications platform is enjoying an expanded customer base alongside rival services such as Zoom and GoToMeeting due to the COVID-19 outbreak. Microsoft Teams is being employed in keeping businesses operational, which includes the sharing of corporate data, and may, therefore, be of renewed interest to cyberattackers in light of the current circumstances. 



During CyberArk's examination of the platform, the team found that every time the application was opened, the Teams client creates a new temporary access token, authenticated via login.microsoftonline.com. Other tokens are also generated to access supported services such as SharePoint and Outlook.


Two cookies, "authtoken" and "skypetoken_asm," are used to restrict content access permissions. The Skype token was sent to teams.microsoft.com and its subdomains -- two of which were found to be vulnerable to a subdomain takeover.

"If an attacker can somehow force a user to visit the subdomains that have been taken over, the victim's browser will send this cookie to the attacker's serv ..
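The cookie scoping the article describes is ordinary browser behaviour: a cookie whose Domain attribute names a parent domain is attached to requests for every subdomain, so any subdomain that leaves Microsoft's control receives it too. The following added example (not CyberArk's or Microsoft's code) models that rule from RFC 6265 and contrasts it with a host-only cookie; the subdomain name and the host-only cookie are constructed placeholders, not values from the article.

```python
"""Model of RFC 6265 cookie domain matching, added to show why a cookie scoped
to teams.microsoft.com reaches every subdomain, including a taken-over one."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str        # cookie-domain, lower-case, no leading dot
    host_only: bool    # True when Set-Cookie carried no Domain attribute
    secure: bool = True


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the host equals the cookie domain or is a
    label-aligned subdomain of it ('tricky-teams.microsoft.com' is neither)."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def cookies_sent_to(request_host: str, scheme: str, jar: list) -> list:
    """Names of the cookies a browser would attach to a request for request_host."""
    sent = []
    for c in jar:
        if c.secure and scheme != "https":
            continue                      # Secure cookies stay off plain HTTP
        if c.host_only and request_host.lower() != c.domain:
            continue                      # host-only: exact host match required
        if not c.host_only and not domain_matches(request_host, c.domain):
            continue                      # domain cookie: parent or any subdomain
        sent.append(c.name)
    return sent


# Constructed jar: "skypetoken_asm" is scoped as the article describes; the
# host-only cookie is a hypothetical counterpart to show the narrower scope.
JAR = [
    Cookie("skypetoken_asm", "teams.microsoft.com", host_only=False),
    Cookie("hostonly_example", "teams.microsoft.com", host_only=True),
]

if __name__ == "__main__":
    # Placeholder subdomain standing in for one whose DNS record an outsider could claim.
    for host in ["teams.microsoft.com", "takeover-placeholder.teams.microsoft.com",
                 "tricky-teams.microsoft.com", "microsoft.com"]:
        print(f"{host:45} -> {cookies_sent_to(host, 'https', JAR)}")
```

Only the domain-scoped cookie reaches the placeholder subdomain; the host-only cookie does not, which is why the scope of a session cookie matters as much as the DNS hygiene of the subdomains under it.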
