Connect with us

Technology

Microsoft Teams might have a few serious security issues

Published

on

Microsoft Teams might have a few serious security issues

Security researchers have discovered four separate vulnerabilities in Microsoft Teams. Attackers can use these vulnerabilities to spoof link previews, leak IP addresses, and even access the software giant’s internal services.

According to a new blog post, these findings were “stumbled upon” by Positive Security researchers while looking for a way to bypass the Same Origin Policy (SOP) in Teams and Electron. For those who are unfamiliar, SOP is a security mechanism in the browser that can help prevent websites from attacking each other.

During the investigation of this matter, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in the Microsoft video conferencing software, allowing the client to generate link previews for the target page, and then use summary text or optical preview images On the character recognition (OCR) to extract information.

However, while performing this operation, Positive Security co-founder Fabian Bräunlein discovered other unrelated vulnerabilities in the implementation of this feature. Microsoft Teams vulnerability
Of the four vulnerabilities discovered by Bräunlein in Teams, two can be used on any device and allow server-side request forgery (SSRF) and spoofing, while the other two only affect Android smartphones and can be exploited to leak IP addresses and achieve Denial of service (DOS).

Advertisement

By exploiting SSRF vulnerabilities, researchers were able to leak information from Microsoft’s local network. At the same time, spoofing vulnerabilities can be used to increase the effectiveness of phishing attacks or hide malicious links.

The DOS error is particularly worrying because an attacker can send a message to the user that contains a link preview with an invalid preview link target (for example, “boom” instead of “https://…”), thereby causing the Teams application The program crashes Android. Unfortunately, when trying to open a chat or channel with malicious messages, the app will continue to crash.

Positive Security disclosed its findings to Microsoft responsibly through its bug bounty program on March 10. However, since then, the software giant has only patched the IP address leak vulnerability in the Android version of Teams. Now Positive Security has publicly disclosed its findings. Although Microsoft told researchers that they would not pose a direct threat to its users, it may have to patch the remaining three vulnerabilities.

Complete News Source : techradar.pro

Advertisement

In News

SpiceJet announces 8 new flights to connect Jaipur with Varanasi, Amritsar and Ahmedabad

Published

on

By

SpiceJet announces 8 new flights to connect Jaipur with Varanasi, Amritsar and Ahmedabad

SpiceJet expands its domestic network with 8 new flights that will connect Jaipur with Varanasi, Amritsar and Ahmedabad and also link Ahmedabad with Pune.

SpiceJet is further expanding its domestic network with the launch of eight new flights starting November 15.

In the statement released on Wednesday, the airline announced that these new routes will connect Jaipur with Varanasi, Amritsar and Ahmedabad, while also linking Ahmedabad with Pune. This expansion follows the recent launch of 32 new flights in October 2024, including two international flights connecting Delhi with Phuket.

Last month, SpiceJet also commenced UDAN flights linking Shivamogga in Karnataka with Chennai and Hyderabad, and introduced double daily flights between Chennai and Kochi, enhancing connectivity across key regional and metropolitan cities.

Advertisement

“We are excited to announce the launch of new flights from Jaipur to Varanasi, Amritsar, and Ahmedabad, as well as from Ahmedabad to Pune, providing our passengers with greater flexibility and convenience,” SpiceJet Chief Business Officer Debojo Maharshi said.

“These new flights reflect our commitment to supporting passenger demand across tier-II cities and beyond. With our expanded winter schedule, including international and UDAN routes, we aim to provide our customers with greater convenience, affordability, and seamless travel experiences,” Maharshi added.

SpiceJet will deploy its 78-seater Q400 aircraft in these sectors. Bookings for the new flights are now open and tickets are available at the website of the airline, SpiceJet’s mobile app and through online travel portals and travel agents.

On Monday, the airline received a significant boost, with Acuite Ratings & Research Limited upgrading its long-term rating by four notches to ‘B ‘ and its short-term rating to A4. The rating agency has also assigned a ‘Stable’ outlook to the airline.

Advertisement

Group Media Publications
Entertainment News Platforms – anyflix.in      
Construction Infrastructure and Mining News Platform – https://cimreviews.com/
General News Platform – https://ihtlive.com/

Continue Reading
Anyskill-ads

Facebook

Trending