
Microsoft Teams: how a GIF compromises the system

27/04/2020 07:45 by giorgos

Microsoft appears to have fixed security issues in Microsoft Teams that could be chained to take over user accounts, all with the help of a .GIF file.

CyberArk researchers disclosed today a subdomain vulnerability which, combined with a malicious .GIF file, could be used to "collect user data and eventually take over all of an organization's Teams accounts".


The team said the security issues affected both the desktop and the web version of Microsoft Teams.

Like competing services (Zoom, GoToMeeting, etc.), Microsoft's communications platform has gained a much larger customer base since the arrival of COVID-19. Microsoft Teams is used to keep businesses running and, among other things, offers sharing of corporate data. This makes the application a very tempting target for attackers.

During CyberArk's review of the platform, the team found that each time the application is opened, the Teams client creates a new temporary access token, which is authenticated through login.microsoftonline.com. Further tokens are created to access other supported services such as SharePoint and Outlook.

They noticed that two cookies, "authtoken" and "skypetoken_asm", were used to restrict access to content. Using these, they could obtain a Skype token by sending them to teams.microsoft.com and the subdomains it uses; for two of those subdomains they were able to perform a subdomain takeover.

"If an attacker can somehow force a user to visit the subdomains that have been taken over, the victim's browser will send this cookie to the attacker's server. The attacker (after acquiring the authtoken) can create a Skype token," the team states. "After all this, the attacker can steal the data of the victim's account."
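The cookie-scoping behaviour behind the quoted leak, as an added illustration that is not part of the article or of CyberArk's research: the functions implement the RFC 6265 rules a browser applies when deciding whether a stored cookie is attached to a request, and compare the two token cookies named above when scoped to the parent domain (which the described leak implies; an assumption) against a host-only setting. The taken-over subdomain name and the cookie values are constructed.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class StoredCookie:
    name: str
    domain: str        # the Domain attribute, or the setting host when host-only
    host_only: bool    # True when Set-Cookie carried no Domain attribute
    secure: bool = True


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the host equals the domain, or is a subdomain of it
    and is not an IP address literal."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    if request_host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(request_host)
        return False          # an IP literal never domain-matches a parent domain
    except ValueError:
        return request_host.endswith("." + cookie_domain)


def is_sent(cookie: StoredCookie, scheme: str, request_host: str) -> bool:
    """RFC 6265 section 5.4: would a browser attach this cookie to the request?"""
    if cookie.secure and scheme != "https":
        return False
    if cookie.host_only:   # host-only cookies go to exactly one host
        return request_host.lower() == cookie.domain.lower()
    return domain_matches(request_host, cookie.domain)


def cookies_sent_to(cookies, scheme: str, request_host: str) -> list:
    return sorted(c.name for c in cookies if is_sent(c, scheme, request_host))


# Constructed scenario: the two token cookies the article names, scoped to the parent
# domain (assumption, as the described leak implies) and, for contrast, host-only.
PARENT = "teams.microsoft.com"
TAKEN_OVER = "dangling-sub.teams.microsoft.com"   # hypothetical taken-over subdomain
DOMAIN_SCOPED = [StoredCookie("authtoken", PARENT, host_only=False),
                 StoredCookie("skypetoken_asm", PARENT, host_only=False)]
HOST_ONLY = [StoredCookie("authtoken", PARENT, host_only=True),
             StoredCookie("skypetoken_asm", PARENT, host_only=True)]

if __name__ == "__main__":
    print("domain-scoped ->", cookies_sent_to(DOMAIN_SCOPED, "https", TAKEN_OVER))
    print("host-only     ->", cookies_sent_to(HOST_ONLY, "https", TAKEN_OVER))
```

Note that the page says legitimate Teams subdomains also consume these cookies, so a host-only scope is not the fix Microsoft applied; the article reports that the dangling DNS records for the two subdomains were corrected instead.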

However, the attack chain is complicated, as the attacker would need to issue a certificate for the taken-over subdomains.


But since the subdomains were vulnerable, this hurdle was overcome either by sending a malicious link to the subdomain or by sending a .GIF file to a group. This could lead to the creation of the token required to hijack a victim's Microsoft Teams session, and because the image only had to be displayed, it could affect more than one person at a time.

CyberArk has released a PoC showing how the attacks could have taken place, along with a script that could be used to stop Teams conversations.

The researchers partnered with the Microsoft Security Response Center (MSRC) as part of the Coordinated Vulnerability Disclosure (CVD) program to report their findings.

CyberArk reported the flaw on March 23. On the same day, the Redmond-based company corrected the DNS configuration of the two subdomains, and on April 20 an update was released that fully fixes the problem.
