Explaining how the flaw works in a post online, Vegeris said: “Attacker sends or edits an existing message, which looks completely normal to victim.

“Victim executes code upon looking at the message. That’s it. There is no further interaction from the victim.

“Now your company’s internal network, personal documents, Office 365 documents, mail, notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited.

“So let’s expand on that. What if the recipients then automatically post it in their teams, channels? Everybody gets exploited. Did you know you can be a guest in other organisations?

“Probably your organisation already has several guests. They most likely are in their own organisations and those orgs probably have guests, which are in their own organisations. Yes, it could be made into a worm, which spreads within the Microsoft Teams network, at least within an organisation.”

In the initial report to Microsoft, Vegeris said the vulnerability had been discovered in the following versions of Microsoft Teams…


Please enter your comment!
Please enter your name here