Security researchers have disclosed a vulnerability in the latest version of Microsoft Teams that allows the platform to be used for malware delivery. The flaw is an Insecure Direct Object Reference (IDOR): it lets files from external tenants be delivered directly into a victim's chat, which is a significant risk for organisations that rely on Teams for day-to-day operations.
JUMPSEC Labs recently published an advisory describing the discovery, made by researchers Max Corbridge and Tom Ellson. They found that, in the default configuration of the latest version of Microsoft Teams, client-side security controls can be bypassed. An attacker exploiting the flaw can deliver malware by crafting malicious files and tricking users into accepting them from an external tenant.
Microsoft Teams does display a warning banner on messages from external senders, but users frequently overlook it and interact with the message anyway, and attackers rely on exactly that habit. Teams also tries to limit the damage by blocking file delivery from external tenants; the problem is that this block is enforced only in the client. The researchers bypassed it with a classic IDOR technique.
By swapping the recipient ID in the POST request to /v1/users/ME/conversations//messages, the researchers made malware hosted on a SharePoint domain appear in the victim's chat as a downloadable file rather than as a suspicious link. Because the payload arrives over Teams rather than email, it sidesteps most anti-phishing controls, which are built around email, so an attacker could abuse Teams to get an initial foothold in an organisation's network.
The researchers reported the vulnerability to Microsoft, which confirmed it but did not consider it severe enough to warrant immediate remediation. The issue therefore remains unpatched, and organisations remain exposed.
Given the ongoing threat, the researchers advise Microsoft Teams users to be cautious when interacting with messages from external tenants. They recommend reviewing whether external tenants need to be able to message staff at all, restricting external access to an allow-list of trusted tenants where it is needed, and training staff to recognise and report this kind of approach.
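The following is an added illustration, not JUMPSEC's proof of concept or any Microsoft code, of the two points above: why a control enforced only in the client is no control at all once the request is tampered with, and how the server-side check plus a per-tenant allow-list closes the gap. The user ids, tenant names, payload URL and request shape are all constructed for the example and bear no relation to the real Teams API.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed user directory (user id -> home tenant). Illustrative only;
# real Teams identities and tenant ids look nothing like this.
USERS: Dict[str, str] = {
    "alice@victim.example": "victim-tenant",
    "mallory@attacker.example": "attacker-tenant",
    "eve@attacker.example": "attacker-tenant",
}

# Constructed: the "report" the attacker hosts on their own SharePoint.
PAYLOAD_URL = "https://attacker.sharepoint.example/Q3_report.exe"


@dataclass
class Message:
    sender: str
    recipient: str
    text: str
    attachment: Optional[str] = None


class TeamsClient:
    """Client-side control only: refuses to build a request that attaches a
    file for a recipient in another tenant. An attacker who talks to the API
    directly never runs this code."""

    def compose(self, sender: str, recipient: str, text: str,
                attachment: Optional[str] = None) -> dict:
        if attachment and USERS[sender] != USERS[recipient]:
            raise PermissionError("client: files cannot be sent to external tenants")
        return {"sender": sender, "recipient": recipient,
                "text": text, "attachment": attachment}


class VulnerableServer:
    """Stores whatever recipient and attachment the request names (the IDOR):
    the only tenant check lives in the client above."""

    def __init__(self) -> None:
        self.inbox: Dict[str, List[Message]] = {}

    def post_message(self, request: dict) -> Message:
        msg = Message(**request)
        self.inbox.setdefault(msg.recipient, []).append(msg)
        return msg


class HardenedServer(VulnerableServer):
    """Re-derives both tenants server-side from the ids in the request and
    only lets a file through from an external tenant that the recipient's
    tenant has explicitly allow-listed. Plain text from external senders is
    still accepted (that is what the warning banner is for)."""

    def __init__(self, allowed_external: Optional[Dict[str, Set[str]]] = None) -> None:
        super().__init__()
        self.allowed_external = allowed_external or {}

    def post_message(self, request: dict) -> Message:
        sender_tenant = USERS[request["sender"]]
        recipient_tenant = USERS[request["recipient"]]
        if request.get("attachment") and sender_tenant != recipient_tenant:
            trusted = self.allowed_external.get(recipient_tenant, set())
            if sender_tenant not in trusted:
                raise PermissionError("server: file from non-allow-listed tenant rejected")
        return super().post_message(request)


def deliver(server: VulnerableServer, request: dict) -> str:
    try:
        server.post_message(request)
        return "delivered"
    except PermissionError:
        return "blocked"


def idor_attack(server: VulnerableServer) -> str:
    """Compose a request the client is happy with (internal recipient, file
    attached), then rewrite the recipient id before it reaches the server."""
    req = TeamsClient().compose("mallory@attacker.example", "eve@attacker.example",
                                "Q3 report attached", PAYLOAD_URL)
    req["recipient"] = "alice@victim.example"  # the IDOR: swap the object reference
    return deliver(server, req)


def client_blocks_direct_send() -> bool:
    """The honest path: the client itself refuses an external file send."""
    try:
        TeamsClient().compose("mallory@attacker.example", "alice@victim.example",
                              "hi", PAYLOAD_URL)
    except PermissionError:
        return True
    return False


def external_text_message(server: VulnerableServer) -> str:
    req = TeamsClient().compose("mallory@attacker.example", "alice@victim.example",
                                "hello from outside")
    return deliver(server, req)


if __name__ == "__main__":
    print("client refuses direct external file send:", client_blocks_direct_send())
    print("vulnerable server, tampered request:", idor_attack(VulnerableServer()))
    print("hardened server, tampered request:", idor_attack(HardenedServer()))
    print("hardened server, partner tenant allow-listed:",
          idor_attack(HardenedServer({"victim-tenant": {"attacker-tenant"}})))
```

The point of the allow-list being keyed on the recipient's tenant is that it is the victim organisation, not the sender, that decides which external tenants may push files to its users; an empty allow-list is the safe default if there is no business need for external file sharing.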
Via: Latest Hacking News