Security researchers have discovered four separate vulnerabilities in Microsoft Teams. Attackers can use these vulnerabilities to spoof link previews, leak IP addresses, and even access the software giant’s internal services.
According to a new blog post, these findings were “stumbled upon” by Positive Security researchers while looking for a way to bypass the Same Origin Policy (SOP) in Teams and Electron. For those who are unfamiliar, SOP is a security mechanism in the browser that can help prevent websites from attacking each other.
During this investigation, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in the Microsoft video conferencing software: the client is made to generate a link preview for the target page, and information is then extracted from either the summary text or, via optical character recognition (OCR), the preview image.
However, while performing this operation, Positive Security co-founder Fabian Bräunlein discovered other unrelated vulnerabilities in the implementation of this feature.
Of the four vulnerabilities discovered by Bräunlein in Teams, two can be used on any device and allow server-side request forgery (SSRF) and spoofing, while the other two only affect Android smartphones and can be exploited to leak IP addresses and cause denial of service (DoS).
By exploiting SSRF vulnerabilities, researchers were able to leak information from Microsoft’s local network. At the same time, spoofing vulnerabilities can be used to increase the effectiveness of phishing attacks or hide malicious links.
The DoS bug is particularly worrying because an attacker can send the user a message that contains a link preview with an invalid preview link target (for example, “boom” instead of “https://…”), which causes the Teams app for Android to crash. Unfortunately, the app will continue to crash whenever the user tries to open the chat or channel containing the malicious message.
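The receiving side of the crash described above, as an added example that is not from the article or from Teams: a client that validates the preview link target and drops a malformed preview instead of failing to render the chat. The message field names (`text`, `preview.url`, `preview.title`) are hypothetical and the sample chat is constructed.

```javascript
// Added example. Field names are hypothetical, not the Teams message schema.
const ALLOWED_SCHEMES = new Set(["https:"]);

// Returns a normalized preview object, or null when the target is unusable.
function sanitizePreview(preview) {
  if (preview === null || typeof preview !== "object") return null;
  if (typeof preview.url !== "string") return null;
  let target;
  try {
    target = new URL(preview.url); // throws on "boom": not an absolute URL
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(target.protocol)) return null;
  return {
    url: target.href,
    host: target.hostname,
    title: typeof preview.title === "string" ? preview.title.slice(0, 200) : "",
  };
}

// Renders every message; a bad preview degrades to plain text, so one
// malformed message cannot stop the whole chat from opening.
function renderChat(messages) {
  return messages.map((msg) => {
    const preview = sanitizePreview(msg.preview);
    return {
      text: String(msg.text ?? ""),
      preview,
      previewDropped: msg.preview !== undefined && preview === null,
    };
  });
}

// Constructed sample chat: the second message carries the invalid target.
const sampleChat = [
  { text: "docs", preview: { url: "https://example.com/a", title: "Example" } },
  { text: "look at this", preview: { url: "boom", title: "Click me" } },
  { text: "no preview here" },
  { text: "old link", preview: { url: "ftp://example.com/file" } },
];

const rendered = renderChat(sampleChat);
console.log(rendered.map((m) => [m.text, m.preview && m.preview.url, m.previewDropped]));
```

The `previewDropped` flag gives the client something to log or count, so a burst of malformed previews in one chat is visible to whoever monitors the service.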
Positive Security responsibly disclosed its findings to Microsoft through its bug bounty program on March 10. However, since then, the software giant has only patched the IP address leak vulnerability in the Android version of Teams. Now Positive Security has publicly disclosed its findings. Although Microsoft told the researchers that the vulnerabilities would not pose a direct threat to its users, it may have to patch the remaining three.
Complete News Source : techradar.pro