Press Release

Tenable Research Finds Severe Flaw in Microsoft Teams that Could Allow Attackers to Impersonate End-User Accounts  

Tenable Research today disclosed a severe vulnerability in the Microsoft Teams chat service. The flaw, discovered by Evan Grant of Tenable’s Zero-Day Research team, could give attackers control over an end-user’s account and enable access to files in their OneDrive storage.

Exploiting the flaw could also allow attackers to impersonate an end-user to obtain confidential information such as internal-only corporate documents, PII, or anything else transmitted via chat or email, or shared through OneDrive or SharePoint.

According to Microsoft, Teams reached 145 million daily active users in March 2021, roughly a 90% increase in the last twelve months. The growth is largely driven by a surge in remote work, with many enterprises rushing to make cloud-based communication and collaboration as simple as possible.

“This vulnerability could be leveraged by a threat actor in a number of different scenarios including reading team chats, sending emails and messages as if from another trusted user, and even accessing, downloading or tampering with files. While the attacker would need to be an authenticated user in the target organisation, the potential threat to sensitive information and confidential conversations poses a serious business risk,” explains Evan Grant, staff research engineer of Tenable. “We’re all warned to distrust communications from an external source, but vulnerabilities like this reveal the potential threat posed by the platforms, people and teams we trust.”

Microsoft has implemented a solution to this issue and no further action is needed from end-users. In its detailed blog post about the discovery, Tenable Research has also included potential indicators of compromise.

There are also attack simulation videos available here and here.

About Tenable

Tenable® is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
