Tenable Research Finds Severe Flaw in Microsoft Teams that Could Allow Attackers to Take Control and Impersonate End-User Accounts.
Tenable Research today disclosed a severe vulnerability in the Microsoft Teams chat service. The flaw, discovered by Evan Grant of Tenable’s Zero-Day Research team, could give attackers control over an end-user’s account and enable access to files in their OneDrive storage.
Exploiting the flaw could also allow attackers to impersonate an end-user to obtain confidential information such as internal-only corporate documents, PII, or anything else transmitted via chat, email, or shared through OneDrive or Sharepoint.
According to Microsoft, Teams reached 145 million daily active users in March 2021, roughly a 90% increase in the last twelve months. The growth is largely driven by a surge in remote work, with many enterprises rushing to make cloud-based communication and collaboration as simple as possible.
“This vulnerability could be leveraged by a threat actor in a number of different scenarios including reading team chats, sending emails and messages as if from another trusted user, and even accessing, downloading or tampering with files. While the attacker would need to be an authenticated user in the target organization, the potential threat to sensitive information and confidential conversations poses a serious business risk,” explains Evan Grant, staff research engineer of Tenable. “We’re all warned to distrust communications from an external source, but vulnerabilities like this reveal the potential threat posed by the platforms, people and teams we trust.”
Microsoft has implemented a solution to this issue and no further action is needed from end-users. In its detailed blog post about the discovery, Tenable Research has also included potential indicators of compromise.
There are also attack simulation videos available here and here.