The vulnerability, which is said to have been patched, could impact enterprise edition users of the software. The Teams app gained immense popularity last year, which helped it acquire millions of users across the globe. According to Microsoft, the app now has over 100 million users.
According to the researcher, an attacker could take advantage of the vulnerability in a number of ways, such as getting access to chats, sending out malicious emails, downloading files, etc. Vulnerabilities of this type put unsuspecting users at risk because they feel they are receiving messages or prompts from people they trust.
The vulnerability was in the PowerApps service Microsoft provides to firms. The service allows them to develop business-specific use cases on products offered by Microsoft. Cybercriminals could leverage the lack of any URL verification in PowerApps to exploit users.
The impact of the vulnerability could be further amplified by granting permissions to Microsoft Power Apps from Microsoft Teams. If attackers were successful in performing the breach, they could take complete control of the user account.
Flaws of this type are termed “server-side vulnerabilities” because they are present on the servers that run the apps, software and services. The company can take care of such vulnerabilities without user action; however, system administrators should still consider rechecking their systems for any possible exploits still present.