![]() ![]() However, Microsoft did not agree on the severity of the issue and said that it doesn't meet the criteria for patching. Vectra researchers discovered the problem in August 2022 and reported it to Microsoft. The researcher adds that by taking "control of critical seats–like a company's Head of Engineering, CEO, or CFO-attackers can convince users to perform tasks damaging to the organization." "This attack does not require special permissions or advanced malware to get away with major internal damage," Connor Peoples at cybersecurity company Vectra explains in a report this week. The newly discovered security issue impacts versions of the application for Windows, Linux, and Mac and refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.Īn attacker with local access on a system where Microsoft Teams is installed could steal the tokens and use them to log into the victim's account. ![]() Microsoft Teams is a communication platform, included in the 365 product family, used by more than 270 million people for exchanging text messages, videoconferencing, and storing files. Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |