Connect with us

Technology

Microsoft Teams might have a few serious security issues

Published

3 years ago

on

Microsoft Teams might have a few serious security issues

Security researchers have discovered four separate vulnerabilities in Microsoft Teams. Attackers can use these vulnerabilities to spoof link previews, leak IP addresses, and even access the software giant’s internal services.

According to a new blog post, these findings were “stumbled upon” by Positive Security researchers while looking for a way to bypass the Same Origin Policy (SOP) in Teams and Electron. For those who are unfamiliar, SOP is a security mechanism in the browser that can help prevent websites from attacking each other.

During the investigation of this matter, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in the Microsoft video conferencing software, allowing the client to generate link previews for the target page, and then use summary text or optical preview images On the character recognition (OCR) to extract information.

Advertisement

However, while performing this operation, Positive Security co-founder Fabian Bräunlein discovered other unrelated vulnerabilities in the implementation of this feature. Microsoft Teams vulnerability
Of the four vulnerabilities discovered by Bräunlein in Teams, two can be used on any device and allow server-side request forgery (SSRF) and spoofing, while the other two only affect Android smartphones and can be exploited to leak IP addresses and achieve Denial of service (DOS).

By exploiting SSRF vulnerabilities, researchers were able to leak information from Microsoft’s local network. At the same time, spoofing vulnerabilities can be used to increase the effectiveness of phishing attacks or hide malicious links.

The DOS error is particularly worrying because an attacker can send a message to the user that contains a link preview with an invalid preview link target (for example, “boom” instead of “https://…”), thereby causing the Teams application The program crashes Android. Unfortunately, when trying to open a chat or channel with malicious messages, the app will continue to crash.

Positive Security disclosed its findings to Microsoft responsibly through its bug bounty program on March 10. However, since then, the software giant has only patched the IP address leak vulnerability in the Android version of Teams. Now Positive Security has publicly disclosed its findings. Although Microsoft told researchers that they would not pose a direct threat to its users, it may have to patch the remaining three vulnerabilities.

Advertisement

Complete News Source : techradar.pro

Related Topics:
Continue Reading

YouTube

YouTube marks 20th anniversary by launching new useful features What’s new

Published

3 weeks ago

on

April 24, 2025

By

YouTube marks 20th anniversary by launching new useful features What’s new

YouTube has celebrated its 20th anniversary with several new features, including functional upgrades and new features for YouTube TV. The platform has introduced personalised radio stations via Ask Music, which is available to YouTube Premium and YouTube Music users on both iOS and Android devices. Additionally, YouTube is rolling out the ability to fast-forward.

YouTube TV members will gain the ability to build their own multiview experiences, starting with a selection of non-sports content from a small group of popular channels. The platform is introducing improved navigation, better playback quality, and easier access to features such as comments, channel information, and more through videos at 4x speed, providing more.

Advertisement
  1. Delete Unnecessary Emails: Regularly clearing unwanted emails helps maintain storage. Open Gmail in your browser or mobile device, go to your Inbox, Social, or Spam folder, filter messages, select emails to delete or check the box to select all emails in the folder, and click the “Delete” button. The emails will be moved to the Trash folder Empty Your Spam and Trash Folders: If deleted emails remain in your Trash.
  2. Unsubscribe from Unwanted Emails: Open a promotional email and click “Unsubscribe” at the bottom of the email to reduce future accumulation April 2025 — YouTube, the world’s largest video-sharing platform, is celebrating its 20th anniversary with the launch of several innovative features aimed at enhancing user experience, empowering creators, and embracing the future of digital content.

  3. 1. AI-Powered Video Summaries
    One of the most anticipated features is AI-generated video summaries, which will now appear below eligible videos. This allows viewers to preview content quickly and decide whether to watch the full video. The summaries are automatically created using advanced natural language processing and are designed to boost discoverability and engagement.

  4. 2. “Jump Ahead” Smart Chapters
    YouTube is introducing smart chapters with “Jump Ahead” capabilities, allowing viewers to skip to the most engaging parts of videos based on audience retention data. The feature leverages machine learning to identify sections that retain viewers the most and gives users a prompt to “Jump Ahead” with a single tap.

  5. 3. Creator Insights Dashboard Upgrade
    For content creators, YouTube has upgraded its Creator Studio Dashboard with enhanced real-time analytics, audience mood tracking, and AI-suggested titles and tags. The platform’s algorithms now offer dynamic suggestions for improving performance, personalized for each creator’s channel and content style.

  6. 4. YouTube Create App Expansion
    Following positive feedback from beta users, YouTube is officially rolling out the YouTube Create app in over 30 new countries. This free mobile video editing tool includes features like auto-captions, royalty-free music, filters, and multi-clip editing — giving creators more control without the need for expensive software.

  7. 5. Enhanced Live Shopping Tools
    With e-commerce booming, YouTube is expanding its Live Shopping tools, allowing creators to tag mini-social network within the platform. These tools are products, integrate affiliate links, and host shoppable livestreams with real-time viewer interaction. The new update supports multi-vendor support, making collaborations with brands smoother and more profitable.

  8. 6. Smart TV Upgrades
    YouTube is giving its TV interface a refresh, introducing a sleeker design with quicker access to playlists, subscriptions, and smart recommendations. A new “Ambient Mode interactive content suggestions and previews when the app is idle, turning the TV into a dynamic home hub for entertainment.

  9. 7. Community Tab Enhancements
    To improve engagement, YouTube is enhancing its Community Tab with interactive stickers, polls, countdowns, and quizzes — turning it into a mini-social network within the platform. These tools are aimed at helping creators keep their audience involved even between video uploads.
  • Group Media Publication
  1. Construction, Infrastructure and Mining   
  2. General News Platforms – IHTLive.com
  3. Entertainment News Platforms – https://anyflix.in/

Continue Reading
Anyskill-ads

Facebook

Trending

en Englishhi हिन्दी
en English