Microsoft’s five-month delay in disclosing four serious vulnerabilities that have been exploited by hackers since March has drawn criticism from cybersecurity experts. Experts say Microsoft should be using fuzzing and other advanced security practices to help identify cyber threats, rather than relying on its customers to discover them.
The “microsoft teams vulnerabilities 2021” is a problem that has been present for a while. Microsoft still hasn’t fixed four Teams vulnerabilities exploited since March.
Alexandru Poloboc is an author.
Editor of the News
Alex spent the most of his time working as a news reporter, anchor, and on TV and radio, with an overriding drive to always get to the bottom of things and find the truth… Continue reading
We were just talking about Teams the other day, reporting on how you may not be able to establish new free organization accounts, and now Microsoft’s top conferencing tool has resurfaced.
And, although it makes us feel better when we have to announce bug fixes or new features coming to Teams, we also have to inform you about this security issue.
Security researchers claim to have uncovered four unique vulnerabilities in Teams, which may be used to fake link previews, expose IP addresses, and even get access to Microsoft’s internal services.
In the wild, four significant vulnerabilities are still being exploited.
According to a blog post, Positive Security experts discovered these flaws while seeking for a means to get around the Same-Origin Policy (SOP) in Teams and Electron.
SOP is a security technique available in browsers that helps prevent websites from attacking one another, in case you didn’t know.
The researchers discovered that they might circumvent the SOP in Teams by misusing the app’s link preview function when examining this sensitive subject.
This was accomplished by enabling the client to create a link preview for the target website, and then extracting information from the preview picture using either summary text or optical character recognition (OCR).
Additionally, Positive Security co-founder Fabian Bräunlein uncovered additional unrelated flaws in the feature’s implementation while doing so.
Watch This Video-
Microsoft has been slow to fix the four Teams vulnerabilities that have been exploited since March. The latest exploits and vulnerabilities 2020 is a blog post by Paul Ducklin about how Microsoft still hasn’t fixed the issue. Reference: latest vulnerabilities and exploits 2020.
Related Tags
- microsoft teams vulnerability patch
- microsoft teams risk assessment
- 2021 security vulnerabilities
- microsoft teams zero-day
- microsoft team download