September 22, 2023

A researcher at security firm Tenable has found a vulnerability in Microsoft’s Teams application that could allow an attacker to take control of a user’s account. This could grant the attacker access to the victim’s chat history, the ability to read and send emails on the victim’s behalf, and access files in their One drive storage.

The vulnerability actually came through the Power Apps service Microsoft offers to businesses. This allows them to create business-specific use cases on Microsoft’s products, like Teams, Excel and other apps

Attackers could exploit the lack of URL verification in PowerApps to exploit a company’s users, which can be catastrophic The severity of this vulnerability is amplified by the permissions granted to Microsoft Power Apps within Microsoft Teams

The flaw was what is called a “server-side vulnerability“. These are vulnerabilities that exist on the servers that power Microsoft’s apps, software and services. Such vulnerabilities can be fixed by companies without user action, but system administrators may still want to recheck their systems for possible exploits.

Tags:

Leave a Reply

You may have missed

SandMan APT Group in action against Telcos

September 22, 2023

Gold Melody IAB Unsunging for Several Years

September 22, 2023

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023
%d bloggers like this: