Microsoft Teams might have a few serious security issues

News
By published

Only one of the four vulnerabilities found in Teams has been patched

Teams App
(Image credit: Shutterstock / dennizn)

Security researchers have discovered four separate vulnerabilities in Microsoft Teams that could be exploited by an attacker to spoof link previews, leak IP addresses and even access the software giant's internal services.

These discoveries were made by researchers at Positive Security who “stumbled upon” them while looking for a way to bypass the the Same-Origin Policy (SOP) in Teams and Electron according to a new blog post. For those unfamiliar, SOP is a security mechanism found in browsers that helps stop websites from attacking one another.

During their investigation into the matter, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in Microsoft's video conferencing software by allowing the client to generate a link preview for the target page and then using either summary text or optical character recognition (OCR) on the preview image to extract information. 

However, while doing this, Positive Security co-founder Fabian Bräunlein found other unrelated vulnerabilities in the feature's implementation.

Microsoft Teams vulnerabilities

Of the four bugs Bräunlein found in Teams, two can be used on any device and allow for server-side request forgery (SSRF) and spoofing while the other two only affect Android smartphones and can be exploited to leak IP addresses and achieve Denial of Service (DOS).

By exploiting the SSRF vulnerability, the researchers were able to leak information from Microsoft's local network. Meanwhile the spoofing bug can be used to improve the effectiveness of phishing attacks or to hide malicious links.

The DOS bug is particularly worrying as an attacker can send a user a message that includes a link preview with an invalid preview link target (for instance “boom” instead of “https://...”) to crash the Teams app for Android. Unfortunately, the app will continue to crash when trying to open the chat or channel with the malicious message.

Positive Security responsibly disclosed its findings to Microsoft on March 10 through its bug bounty program. However, in the time since, the software giant has only patched the IP address leak vulnerability in Teams for Android. Now that Positive Security has publicly disclosed its findings, Microsoft may have to patch the remaining three vulnerabilities even though it told the researchers that they don't pose an immediate threat to its users.

We've also rounded up the best identity theft protection, best firewall and best malware removal software

Via Threatpost

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
A worrying security flaw could have left Microsoft SharePoint users open to attack
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
Phishing
Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
A person at a laptop with a cybersecure lock symbol floating above it.
Parallels Desktop has some worrying security flaws for Mac users
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
Latest in Security
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Data leak
Top collectibles site leaks personal data of nearly a million users
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Latest in News
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
Hugging Snap
This AI app claims it can see what I'm looking at – which it mostly can
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
Hornet swings their weapon in mid air
Hollow Knight: Silksong could potentially launch this year and I reckon it could be a great game for an Xbox handheld
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Cassian looking at someone off-camera from a TIE fighter cockpit in Andor season 2
Star Wars: Andor creator is taking a stance against AI by canceling plans to release its scripts, and I completely get why
More about security
ransomware avast

Ransomware attacks are costing Government offices a month of downtime on average
Data leak

Top collectibles site leaks personal data of nearly a million users
Epos Expand Vision 5 Bundle main image

I tested the Epos Expand Vision 5 Bundle - read why this video conferencing solution is recommended
See more latest
Most Popular
Mark S and Helly R standing by their desks bathed in blue light in Severance's season 2 finale
Severance season 2 episode 10 ending explained: what does Mark do, who dies, will there be a season 3, and more big questions answered
YouTube Premium
Would you pay for better sound on YouTube? The video-sharing platform could soon let you control audio quality, but it'll cost you
Hugging Snap
This AI app claims it can see what I'm looking at – which it mostly can
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
I Hate This Place artwork
Bloober Team is keeping busy as it announces its next survival horror game I Hate This Place and offers a new look at its upcoming title Cronos: The New Dawn
Equal1 Bell-1 quantum computer
This is the first quantum computer you can actually buy (and use, and power): Equal1's Bell-1 uses a standard power socket
Ryzen AI Max+ 395
Obscure Chinese PC vendor gets preferential AMD treatment as Lisa Su signs first desktop PC with Ryzen AI Max+ 395 ahead of May launch
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
SanDisk Slim Dual Drive
This is the first 2TB dual-port external SSD ever and it's not as expensive as you may think
Bimawen B15.6 TV Pro
A sign of things to come? This portable monitor comes with Google TV, a remote control and a very well hidden Android PC