Thursday, January 21, 12:44

Microsoft Teams: Viewing a GIF allows accounts to be hijacked


Microsoft has fixed security issues in Microsoft Teams that hackers could have used to take control of users' accounts with the help of a .GIF file.

On Monday, security researchers from CyberArk stated that a "subdomain takeover vulnerability", combined with a malicious .GIF file, could be used for "the extraction of a user's data and eventually taking control of all of an organization's Microsoft Teams accounts".

The researchers said that the security issues affected both the desktop and the web browser versions of Microsoft Teams.

Microsoft's communications platform is used by many people, especially during the COVID-19 period. Microsoft Teams is also used by many businesses to share corporate data and is therefore an attractive target for hackers.

CyberArk researchers studied the platform and found that every time the app opens, the Teams client creates a new temporary access token. The problem was with the way Microsoft handled these tokens, which essentially prove that a legitimate user has access to the Teams account.

Microsoft manages these tokens on its server, in the address bar or in any subdomain under that address. CyberArk found that two of these subdomains, and, were vulnerable to subdomain takeover.

"If an intruder can somehow force a user to visit the compromised subdomains, the victim's browser will send the tokens to the attacker's server and he will then be able to create another token, the Skype token," said the researchers. "After all this, the intruder can steal the victim's Microsoft Teams account data."

However, the attack is complicated, as the intruder must have a certificate issued for the compromised subdomains.

As the subdomains were already vulnerable, this challenge was overcome, and by sending either a malicious link to the subdomain or a .GIF file in Teams, the token the intruder needs to gain access could be created. Simply viewing the GIF is enough, so multiple Microsoft Teams users can be affected in a single attack.

CyberArk has released proof-of-concept (PoC) code that shows how the attacks work, along with a script that could be used to steal Teams conversations.


"COVID-19 has forced many companies to switch to remote work, leading to a significant increase in the number of users who use Teams or other platforms like it," says CyberArk. "Even if an attacker does not gather a lot of information from a Teams account, he could use the account to 'cross' the whole organization."

The researchers collaborated with the Microsoft Security Response Center (MSRC) under the Coordinated Vulnerability Disclosure (CVD) program to report their findings.

CyberArk reported the vulnerability on March 23. On the same day, Microsoft corrected the misconfigured DNS settings of the two subdomains that allowed attackers to take control of Teams accounts. On April 20, the company also released a patch to mitigate the risk of such errors.
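The two conditions described above, a token scoped to a parent domain and a subdomain whose DNS record points at a resource that no longer exists, can be checked together in an audit. The following sketch is an added example, not code from the article or from CyberArk's PoC; every hostname, the cookie name `session_token` and the inventory data are constructed assumptions.

```python
"""Audit sketch: which hosts receive a domain-scoped token cookie, and which of
those are takeover candidates because their CNAME target no longer exists.
All hostnames and records below are constructed for illustration."""

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match (hostnames only, no IP literals)."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookie_sent_to(host: str, cookie: dict) -> bool:
    """Without a Domain attribute a cookie is host-only; with one, every
    subdomain of that domain receives it."""
    if cookie.get("domain"):
        return domain_match(host, cookie["domain"])
    return host.lower() == cookie["set_by"].lower()

def takeover_exposure(cookie: dict, zone: dict, live_targets: set) -> list:
    """Hosts that would receive the cookie AND whose CNAME points at a
    target that is no longer provisioned (a dangling record)."""
    exposed = []
    for host, cname in sorted(zone.items()):
        dangling = cname is not None and cname not in live_targets
        if dangling and cookie_sent_to(host, cookie):
            exposed.append(host)
    return exposed

# Constructed inventory: host -> CNAME target (None = record we serve directly).
ZONE = {
    "chat.example.com": None,
    "api.chat.example.com": "api-prod.cloudhost.example.net",
    "legacy-test.chat.example.com": "old-test-app.cloudhost.example.net",
    "staging.chat.example.com": "retired-stage.cloudhost.example.net",
    "www.example.com": "gone.cloudhost.example.net",  # dangling, out of scope
}
# Constructed list of cloud resources that still exist in our tenant.
LIVE_TARGETS = {"api-prod.cloudhost.example.net"}

WIDE_TOKEN = {"name": "session_token", "set_by": "chat.example.com",
              "domain": ".chat.example.com"}
HOST_ONLY_TOKEN = {"name": "session_token", "set_by": "chat.example.com",
                   "domain": None}

if __name__ == "__main__":
    print("domain-scoped:", takeover_exposure(WIDE_TOKEN, ZONE, LIVE_TARGETS))
    print("host-only:    ", takeover_exposure(HOST_ONLY_TOKEN, ZONE, LIVE_TARGETS))
```

The host-only variant reports no exposure because the token never leaves the host that set it, which is why narrowing token scope and removing dangling records are complementary fixes.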

A Microsoft spokesman said: "We addressed the issue discussed in this blog and worked with researchers on the Coordinated Vulnerability Disclosure. While we have not seen any exploitation of this technique, we have taken steps to keep our customers safe."

