Menu
Microsoft Teams vulnerable to GIF attack

Microsoft Teams vulnerable to GIF attack

Vulnerability allows cyber attacker to send a malicious GIF to unsuspecting Teams users

Credit: Microsoft

Cyber researchers have unearthed a flaw in Microsoft Teams that would have allowed attackers to take over users’ accounts via a malicious GIF file. 

A team from security vendor CyberArk found a subdomain takeover vulnerability in the collaboration tool, which now has more than 44 million daily active users.

The flaw, which has been patched by Microsoft, would have allowed attackers to scrape users' data and take over an organisation’s Teams accounts using a GIF.

According to CyberArk, since users wouldn’t have to share the GIF – just see it – to be impacted, vulnerabilities like this have the ability to spread automatically.

“The fact that the victim only needs to see the crafted message to be impacted is a nightmare from a security perspective,” CyberArk wrote in a blog post.

“Every account that could have been impacted by this vulnerability could also be a spreading point to all other company accounts. The GIF could also be sent to groups (a.k.a Teams), which makes it even easier for an attacker to get control over users faster and with fewer steps.”

The vulnerability would have affected both Teams desktops or web browser versions if compromised. The flaw’s discovery comes during a major surge in demand for collaboration tools such as Teams, Zoom, Slack and Skype for Business driven by the spread of COVID-19 and the need for staff to work from home. 

Rival Zoom has also struggled to fend of security concerns about its software, leading it to hire former Facebook security chief Alex Stamos as an adviser.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags zoomgifMicrosoft Teams

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments