Cybersecurity researchers have recently informed that a vulnerability in the latest version of Microsoft Teams allows attackers to inject malware into any organization’s network.
All about the Vulnerability
External Tenants in Microsoft Teams refer to organizations that have their own Microsoft tenancy and can send messages to users in other tenancies. When an external tenant sends a message, it is labeled with an “External” banner, indicating its origin.
While external tenants are generally restricted from sending files to members of other organizations, Corbridge and Ellson found a way to bypass this security control.
After a short attempt at changing this security control, they could send files to a target organization by using a “traditional IDOR technique of switching the internal and external recipient ID on the POST request.” And this is how an attacker can potentially inject malware.
How to prevent the latest Microsoft Teams bug
While you wait for Microsoft to release a patch and solve the issue, this is what you can do to prevent attackers from injecting malware into your company.
Since the exploit requires external tenancies to be enabled, you can turn it off for now. This has no further complexities for companies that don’t use this functionality. If yours requires it, you can only allow communication with the domains that need it.
This can be configured from Microsoft Teams Admin Center >> External Access.
Staying vigilant and adapting security measures to evolving social engineering attacks is essential to safeguarding digital assets and maintaining a secure collaboration environment.