Microsoft Teams Vulnerability Let Hackers “Take Over Entire Roster of Teams Accounts”

Elvera Bartels

FavoriteLoadingAdd to favorites

Hacker could “ultimately take in excess of an organization’s overall roster of Groups accounts”

Microsoft’s collaboration platform Groups contained a vulnerability that authorized hackers to ship out a GIF that only experienced to been noticed, in order for it to ship a worthwhile obtain token back again to a compromised server.

This could then be utilized to escalate an assault until a hacker was in a position to “take in excess of an organisation’s overall roster of Groups accounts.”

The bug, disclosed to Microsoft on March 23, was learned and reported by US-centered account protection business CyberArk, and quietly patched by Redmond a thirty day period later on, on April 20, the protection company stated nowadays.

It associated grabbing API authorisation tokens then leveraging a subdomain takeover vulnerability in Microsoft Groups, in a somewhat intricate but hugely powerful assault for a committed adversary.

teams vulnerabilityMicrosoft Groups is a

Read More