Zero-day vulnerability identified in Microsoft Teams

A researcher has identified a vulnerability in Microsoft’s Teams application that could enable a cybercriminal to take control of a user account. According to the post by the company, the attacker could gain access to the user’s chat history, emails and even files stored in OneDrive.

The vulnerability, which is said to have been patched, could impact enterprise edition users of the software. The Teams app gained immense popularity last year, which helped it acquire millions of users across the globe. According to Microsoft, the app now has over 100 million users.

According to the researcher, an attacker could take advantage of the vulnerability in a number of ways, such as getting access to chats, sending out malicious emails, downloading files, etc. These types of vulnerabilities put unsuspecting users at risk because they believe they are receiving messages or prompts from people they trust.

The vulnerability was in the Power Apps service that Microsoft provides to firms. The service allows them to develop business-specific use cases on products offered by Microsoft. Cybercriminals could leverage the lack of any URL verification in Power Apps to exploit users.

The impact of the vulnerability could be further amplified by granting permissions to Microsoft Power Apps from Microsoft Teams. If attackers succeeded in carrying out the breach, they could take complete control of the user account.

These types of flaws are termed “server-side vulnerabilities” because they are present on the servers that run the apps, software and services. The company can fix such vulnerabilities without user action; however, system administrators should still consider rechecking their systems for any possible exploits still present.