Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software

December 23, 2021

Microsoft said it won’t be fixing, or is pushing patches to a later date for, a few of the four security flaws uncovered in its Teams business communication platform earlier this March.

The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could “allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and DoS’ing their Teams app/channels.”

Of the four vulnerabilities, Microsoft is said to have addressed only one, which results in IP address leakage from Android devices, with the tech giant noting that a fix for the denial-of-service (DoS) flaw will be considered in a future version of the product. The issues were responsibly disclosed to the company on March 10, 2021.

Chief among the flaws is a server-side request forgery (SSRF) vulnerability in the endpoint “/urlp/v1/url/data” that could be exploited to glean information from Microsoft’s local network. Also discovered is a spoofing bug in which the preview link target can be altered to point to any malicious URL while keeping the main link, preview image and description intact, allowing attackers to hide malicious links and stage improved phishing attacks.

The DoS vulnerability, which affects the Android version of Teams, could cause the app to crash simply by sending a message with a specially crafted link preview that contains an invalid target instead of a legitimate URL. The last of the issues concerns an IP address leak, which also affects the Android app. By intercepting messages that include a link preview to point the thumbnail URL to a non-Microsoft domain, Positive Security said it is possible to gain access to a user’s IP address and user agent data.
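
A receiving client can check a link preview for the three message-level flaws described above (altered target, invalid target, off-domain thumbnail) before rendering it. The following is an added example, not code from the article, Microsoft or Positive Security; the field names `url`, `target` and `thumbnail` and the trusted thumbnail host are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only host this client fetches preview thumbnails from (placeholder).
TRUSTED_THUMBNAIL_HOSTS = {"thumbs.example.com"}


def _normalize(value):
    """Return a comparable tuple for a well-formed http(s) URL, else None."""
    if not isinstance(value, str):
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port, parts.path or "/", parts.query)


def check_preview(preview):
    """Return findings for one received link preview (hypothetical field names)."""
    findings = []
    shown = _normalize(preview.get("url"))      # link text shown in the message
    target = _normalize(preview.get("target"))  # where a click on the preview goes

    if target is None:
        # Reject before rendering so a malformed target never reaches the UI code.
        findings.append("invalid-target")
    elif target != shown:
        # Preview looks like the shown link but leads somewhere else.
        findings.append("target-mismatch")

    thumbnail = preview.get("thumbnail")
    if thumbnail is not None:
        thumb = _normalize(thumbnail)
        if thumb is None or thumb[1] not in TRUSTED_THUMBNAIL_HOSTS:
            # Fetching it would hand the sender the client's IP and user agent.
            findings.append("untrusted-thumbnail")
    return findings


if __name__ == "__main__":
    # Constructed sample: preview whose target and thumbnail were rewritten in transit.
    sample = {"url": "https://example.com/report",
              "target": "https://login.example.net/report",
              "thumbnail": "https://tracker.example.org/p.png"}
    print(check_preview(sample))
```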

“While the identified vulnerabilities have a limited impact, it’s surprising both that such simple attack vectors have seemingly not been tested for before, and that Microsoft does not have the willingness or resources to protect their users from them,” Positive Security’s co-founder Fabian Bräunlein said.

Some elements of this report are sourced from:
thehackernews.com
