2020-04-27
Microsoft Fixes Vulnerability in Teams (a Zoom competitor)
Microsoft has fixed a subdomain takeover flaw in its Teams communication and collaboration platform that could have been exploited to take control of user accounts. A proof-of-concept exploit demonstrated that would-be attackers could take over accounts by tricking users into viewing a maliciously crafted GIF served from a hijacked Teams subdomain.
Editor's Note
Teams is positioned to subsume Skype for Business as well as provide collaboration services. While collaboration is restricted to your Microsoft 365 tenant, meetings can include external (guest) participants, which necessitated providing support for sharing images in the chat channel. The token needed for the attack to work is good for only an hour, but is renewed each time the GIF is viewed. Exploiting this weakness is difficult, due to the requirement for identifying a vulnerable Microsoft Teams subdomain. Microsoft claims to have secured those domains and added anti-exploitation measures.

Lee Neely
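The class of weakness behind this item, as an added illustration (not CyberArk's proof of concept and not Microsoft's code; the hostnames and cookie names below are made up): Python's standard-library cookie jar shows which cookies a browser-like client would attach when a page loads an image from a subdomain an attacker has taken over. A token cookie scoped to the whole parent domain is sent to every subdomain, including the hijacked one, which is exactly why an image lure that the client fetches automatically is enough to leak it; a cookie pinned to the issuing host is not sent there.

```python
"""Why a parent-domain-scoped token turns a subdomain takeover into account
takeover. Added illustration only; all hostnames and cookie names are invented."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for an HTTP response so CookieJar can read Set-Cookie."""

    def __init__(self, set_cookie_values):
        self._msg = Message()
        for value in set_cookie_values:
            self._msg.add_header("Set-Cookie", value)

    def info(self):
        return self._msg


def store_login_cookies(jar, login_url, set_cookie_values):
    """Simulate the login response: the jar applies its domain/path policy."""
    jar.extract_cookies(_FakeResponse(set_cookie_values), Request(login_url))


def cookies_sent_to(jar, url):
    """Names of the cookies the jar would attach to a request for url, sorted."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie")
    if not header:
        return []
    return sorted(part.split("=", 1)[0].strip() for part in header.split(";"))


def demo():
    """Compare a domain-wide token with a host-pinned one (constructed data)."""
    jar = CookieJar()
    store_login_cookies(jar, "https://login.teams.example/session", [
        # Constructed: weak setting, token valid for every *.teams.example host.
        "wide_token=tok-123; Domain=.teams.example; Path=/; Secure; HttpOnly",
        # Constructed: safer setting, no Domain attribute, so it stays on the
        # issuing host only.
        "host_token=tok-456; Path=/; Secure; HttpOnly",
    ])
    return {
        # Normal traffic to the issuing host carries both tokens.
        "issuing_host": cookies_sent_to(jar, "https://login.teams.example/api"),
        # An image lure on a hijacked sibling subdomain receives the wide token.
        "hijacked_subdomain": cookies_sent_to(
            jar, "https://abandoned-dev.teams.example/lure.gif"),
        # An unrelated attacker host receives nothing either way.
        "unrelated_host": cookies_sent_to(jar, "https://attacker.example/lure.gif"),
    }


if __name__ == "__main__":
    for target, names in demo().items():
        print(f"{target:20s} -> {names}")
```

The fix on the service side is the one the split illustrates: never scope a bearer token cookie to a parent domain that also hosts abandoned or user-controllable subdomains, and keep an inventory of DNS records under that parent so dangling entries cannot be claimed by an outsider.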
Read more in
CyberArk: Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams
Infosecurity Magazine: Microsoft Teams Funny GIFs Vulnerability Mended
Silicon Angle: Microsoft fixes wormlike account hijacking exploit in Teams
Threatpost: Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Bleeping Computer: Microsoft Teams patched against image-based account takeover
The Register: We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit
Cyberscoop: Researchers used a GIF to prove they could access Microsoft Teams user data
Security Week: Microsoft Teams Vulnerability Exposed Organizations to Attacks