Microsoft Teams suffers from a serious security flaw

Recently, cybersecurity research company Vectra (USA) has discovered a serious vulnerability in the Microsoft Teams online meeting application.

Similar to Google Meet, Microsoft Teams allows users to meet, teach, work online ... through computer screens, phones.

Recently, the California-based cybersecurity research company Vectra (USA) discovered a potentially serious vulnerability in the desktop version of Microsoft Teams. Where auth tokens are stored as plain text, making them vulnerable to attack by third parties.

Microsoft Teams suffers from a serious security flaw - 1

The issue affects Teams apps based on the Electron framework, affecting Windows, macOS, and Linux users.

Vectra says that these credentials could theoretically be stolen by an attacker with local or remote system access. Microsoft is aware of this vulnerability, but the company doesn't seem to care about fixing it.

Vectra says that once hackers gain the necessary access, they can steal user data or forge identities. This identity can be used to sign in to Outlook or Skype, bypassing multi-factor authentication (MFA) requirements.

Vectra recommends that users stop using Microsoft Teams desktop software until a fix is ​​available or otherwise. Instead, you can use the Teams web app.

“Even worse, attackers can tamper with legitimate communications within an organization by destroying, selectively deleting, or engaging in targeted phishing attacks.” , Connor Pe People's, security expert at Vectra, said.

He noted that this particular vulnerability only exists on the desktop version of Teams due to the lack of "additional security controls to protect cookie data".

Microsoft says that the vulnerability does not meet our requirement for an immediate fix because it requires an attacker to first gain access to the target network. However, the company does not rule out the possibility that a fix will be rolled out in the future.

Microsoft Teams suffers from a serious security flaw - 3

This is not the first time Microsoft Teams has encountered problems, before in December 2021, some members on Reddit complained about the software making them unable to contact the 911 hotline.

Đăng nhận xét

Mới hơn Cũ hơn