Microsoft has addressed a vulnerability in Teams workplace video chat and collaboration platform that could have allowed attackers to take Team accounts by sending participants a malicious link to an apparently innocent GIF image.
The vulnerability was discovered by researchers from CyberArk, it affects both desktop and web versions of the software. The researchers reported the issue to Microsoft on March 23 and the IT giant addressed it in an update released on April 20.
“We found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.” reads the analysis published by CyberArk.
