CIO Influence
CIO Influence News Networking

Tenable Research Finds Severe Flaw in Microsoft Teams that Could Allow Attackers to Take Control

by CIO Influence News Desk
Tenable Research Finds Severe Flaw in Microsoft Teams that Could Allow Attackers to Take Control

Tenable Research disclosed a severe vulnerability in the Microsoft Teams chat service. The flaw, discovered by Evan Grant of Tenableโ€™s Zero-Day Research team, could give attackers control over an end-userโ€™s account and enable access to files in their OneDrive storage.

Recommendedย ITechย News: ย CI Security Changes Company Name to Critical Insight, Reflecting Dedication to Organizations

Exploiting the flaw could also allow attackers to impersonate an end-user to obtain confidential information such as internal-only corporate documents, PII, or anything else transmitted via chat, email, or shared through OneDrive or Sharepoint.

According to Microsoft, Teamsย reached 145 million daily active users in March 2021, roughly aย 90% increase in the last twelve months. The growth is largely driven by a surge in remote work, with many enterprises rushing to make cloud-based communication and collaboration as simple as possible.

Recommendedย ITechย News: ย Global Fuze Study Reveals Gaps in Trust & Shifting Attitudes Toward Flexible Work

โ€œThis vulnerability could be leveraged by a threat actor in a number of different scenarios including reading team chats, sending emails and messages as if from another trusted user, and even accessing, downloading or tampering with files. While the attacker would need to be an authenticated user in the target organisation, the potential threat to sensitive information and confidential conversations poses a serious business risk,โ€ explains Evan Grant, staff research engineer of Tenable. โ€œWeโ€™re all warned to distrust communications from an external source, but vulnerabilities like this reveal the potential threat posed by the platforms, people and teams we trust.โ€

Microsoft has implemented a solution to this issue and no further action is needed from end-users. In its detailedย blog postย about the discovery, Tenable Research has also included potential indicators of compromise.

Recommendedย ITechย News: ย Skorpios Technologies Names Roy Meade Senior Vice President of Manufacturing and General Manager of SKTX

CIO Influence News Desk is a dedicated news publication center that publishes the top news, insights and analysis related to Information Technology, Cloud Modernization, DevOps, Security, Storage and ML ops.

Related posts

Nutanix Study Shows Data Management Becoming More Complex as Cloud Deployments Diversify

Business Wire

Edgecore Networks Launches EAP111: High-Resilience Wi-Fi Access Point for Diverse Environments

Business Wire

Bitsight Unveils Identity Intelligence Solution to Detect and Stop Credential-Based Security Threats Before They Strike

PR Newswire