This is a warning from a cybersecurity company for those who use the Microsoft Teams app

The cybersecurity company Vectra has discovered a dangerous vulnerability in the Microsoft Teams application, with which cybercriminals could attack and seize sensitive data and information relatively easily.

With the arrival of the pandemic, confinement, and teleworking, Microsoft Teams has become a tool that millions of workers use every day and who have the app downloaded on their computers. For that reason, the app would be expected to have high levels of security and protection, however, the Vectra team has just discovered an easy-to-exploit vulnerability.

Specifically, it’s about how the Teams app stores credentials and handles disabled identities. The problem is that this Microsoft app is based on Electron technology, and while it is very useful for developers, it can happen (as in this case) that the application is too transparent.

The electron doesn’t support standard browser controls, which means it doesn’t use tools like encryption or protected file locations. and requires them to be managed flawlessly to keep information secure.

The Vectra team decided to put the security of Teams to the test and found that indeed the desktop app, due to the lack of these security controls to protect cookie data, created opportunities for hackers to modify SharePoint files. , Outlook mail and calendars, and Teams chat files.

This is not the only thing though, as attackers can also disrupt legitimate communications within an organization by destroying, exfiltrating, or participating in phishing attacks. And since they do not require any type of credentials, these attacks can be carried out on any position in the company, so from workers to directors can be victims.

However, when Microsoft was notified of the vulnerability, it did not seem very concerned and does not believe that it is necessary to fix this vulnerability immediately. In the meantime, you should use Microsoft Teams from the browser since this version is protected.

Comments are closed.