Fri. May 29th, 2020

Microsoft fixes vulnerability in Microsoft Teams that steals user credentials via specially crafted GIF images

1 min read

Affected by the coronavirus epidemic, the demand for enterprise collaboration and remote audio and video conferencing software such as Microsoft Teams has skyrocketed, and it is in this environment that the total number of Microsoft Teams users has increased exponentially. However, as the number of users increases, software security also becomes more important. For example, Microsoft Teams was found to have a security flaw in March. It was not until yesterday that Microsoft fixed this security flaw.

Microsoft Teams for Linux

According to researchers, the vulnerability mainly affects the Web version and the PC version of Microsoft Teams. The attacker only needs to send a specially crafted malicious GIF dynamic image to trigger the vulnerability.

The bug was reported to Microsoft on March 23. It took Microsoft a month to fix the vulnerability. CyberArk researchers who discovered the security vulnerability said that they worked with Microsoft Security Research Center for this vulnerability, as of now, there is no integrated evidence that an attacker has exploited this vulnerability, so as long as the user upgrades to the latest version, it will be safe and secure.