Microsoft Teams has a flaw that compromises users

The issue affects users of the desktop versions of the program on various operating systems. All information about this error

Microsoft Teams, the collaboration and communication platform for work teams, presented a bug that compromises the security of thousands of users around the planet.

As reported by the cybersecurity company vector, the flaw is that Teams can store users’ “authentication tokens,” leaving people vulnerable to potential security threats from hackers.

The company acknowledged that the problem was discovered in August 2022, but that does not affect web versions of the programbut to the desktop ones in the operating systems of Windows, LinuxY Mac.

Microsoft Teams: this is the fault found

The security company’s report also indicates that in order to execute an attack on a person who has the authentication tokens stored in Microsoft Teams, the cybercriminal needs to have local access to the system where it was installed.

That is, you have to connect to the same network of the desktop or laptop computer on which the platform is used or, otherwise, you could enter through a phishing strategy.

Once the cybercriminal has access to the local networkyou can remotely access the devices you want, use the authentication tokens, and log in to the accounts of any worker within an organization.

A bug was detected in Microsoft Teams

A bug was detected in Microsoft Teams

For Connor Peoplescybersecurity company researcher, this is the biggest risk regarding failure.

“By taking control of a company’s critical user accounts, the attacker can convince other users to perform tasks that may be detrimental to the organization,” it said.

Microsoft Teams: the source of the problem

According to the Bleeping Computer website, the origin of Microsoft’s problem is that it is an application created using Electron, a platform that allows the generation of desktop applications that work across different platforms.

This capability, while useful in principle, works similarly to a web page: it stores cookies and logins just like any other website would.

This functionality harms the security of any other application that does not invest resources in improving those aspects.

In its report, the company indicated that in addition to being able to find stored information about Microsoft Teams authentication tokens, they were also able to find data related to logins in Outlook and Skype.

The mistake

Microsoft Teams was created in 2017

Microsoft Teams: ways to mitigate risk

The recommendation issued by the cybersecurity company is that people change the platform of use of Microsoft Teams and move from the desktop application to the web version.

For Linux OS usersthese will have to change to a work platform distinct collaborativeas Microsoft will be removing the Teams app from the system starting in December.


Leave a Comment

Your email address will not be published.