• Facebook
  • LinkedIn

Tel: 020 7250 3840

4TC Services
  • Home
  • IT Support
    • About Managed IT
    • Fully Managed
    • Proactive IT Support
    • Ad-Hoc
    • Mac Remote Management
    • Installation and Relocation
  • Backup
    • SAAS Protection – G Suite and Office 365
    • Direct to Cloud Backup
    • Disaster Recovery
  • Security
    • Digital ID & the Dark Web
    • Anti-Virus
    • Mail Archiving
    • Managed Anti-Spam
  • FileMaker
  • Cloud
    • IT as a Service – IaaS
  • About Us
    • Contact
    • Cookie Policy
    • Privacy Policy
    • GDPR – Statement
  • Telecoms
    • Teams – Voice and Video calling
  • Products
  • Blog
  • Search
  • Menu Menu

Microsoft Teams security flaw left users defenceless against serious cyberattacks

A simple vulnerability in collaboration platform Microsoft Teams could have given attackers the keys to the kingdom, researchers have found.

According to security company Tenable, although Microsoft has now remedied the situation, the vulnerability exposed all manner of sensitive information, from chat logs and email to files shared via OneDrive or SharePoint.

Beyond data exposure, the bug could also have been used to seize control of users’ Microsoft 365 accounts. With this level of access, attackers could have sent emails from victims’ accounts, for example, setting the stage for spear-phishing and other secondary attacks.

The Teams exploit makes use of a separate Microsoft product called Power Apps, which is designed to assist with application development. This service can be launched as a tab within Microsoft Teams.

Tenable researchers discovered that the mechanism for verifying content loaded into Power Apps was easy to manipulate. By spoofing the trusted domain (https://make.powerapps.com), an attacker could have created a malicious Power Apps tab capable of compromising any Teams user that clicked through.

“Despite its simplicity, this vulnerability poses a significant risk as it could be leveraged to launch a number of different attacks across a variety of services, potentially exposing sensitive files and conversations, or to allow an attacker to masquerade as other users and perform actions on their behalf,” said Evan Grant, Staff Research Engineer at Tenable.

“Given the number of access tokens this vulnerability exposes, there are likely to be other creative and serious potential attacks not explored in our proofs-of-concept.”

The silving lining is that the vulnerability could only have been exploited by someone with authority to create Power Apps tabs. Although insider attacks are commonplace, this at least means the exploit could not have been abused by an unauthenticated third-party.

Soon after the issue was disclosed, Microsoft rolled out a fix to all customers, with no action required from end-users or administrators. There is no evidence to suggest the vulnerability was abused in the wild.

Source: https://www.techradar.com

We’re 4tc Managed IT Services

4TC can support you with all the services you need to run your business effectively, from email and domain hosting to fully managing your whole IT infrastructure.

Setting up a great IT infrastructure is just the first step.  Keeping it up to date, safe and performing at its peak requires consistent attention.

So we can act as either your IT department or to supplement an existing IT department. We pride ourselves in developing long term relationships that add value to your business with high quality managed support, expert strategic advice, and professional project management.

Recent Posts

  • Taking the correct steps to secure your business with M365
  • Securing Your Workplace with Microsoft 365
  • Microsoft Teams may just help you get out of that dull work meeting
  • Achieving Value from your IT
  • Getting Value from Your IT

Recent Comments

    Archives

    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • May 2017
    • June 2015

    Categories

    • 4TC
    • Anti-Spam
    • Cyber Security
    • Disaster recovery
    • IT Services
    • News
    • Services

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    4TC Services

    Email: support@4tc.co.uk

    Tel: 020 7250 3840

    London Office

    124 City Road
    London
    E1V 2NX

    Essex Office

    Dew Gates The Street
    High Roding
    Essex
    CM6 1NT

    Signup for IT News!



      © Copyright - 4TC Services
      • Facebook
      • LinkedIn
      5 Ways Microsoft Can Improve the User Experienceremote workMicrosoft Teams is changing how you reply to messages
      Scroll to top