Microsoft fixes malicious GIF glitch that could have compromised corporate Teams accounts
- Cybersecurity firm CyberArk discovered a vulnerability that could have allowed hackers to steal Microsoft Teams users’ access tokens by sending GIFs
- It reported the issue on March 23, and Microsoft issued a patch on April 20
Microsoft has patched a vulnerability in its popular chat and conferencing app Teams that could have allowed attackers to scrape user data and ultimately take over Teams accounts across an entire organisation, just by sending victims GIFs whose source URL pointed at attacker-controlled Teams subdomains. To the recipient, such a GIF looks no different from an ordinary animated image.
In an article on Monday, cybersecurity firm CyberArk said it discovered that two subdomains under the Microsoft Teams site were vulnerable to subdomain takeover.
When a victim received, in a Teams chat, a GIF whose source pointed at one of these taken-over subdomains, their Teams client would try to load the image from it. Because the client sends its authentication token to any subdomain of the Teams site along with such requests, the attacker controlling that subdomain received the victim's token. According to CyberArk, these tokens could allow attackers to read and send messages, create groups, add users to or remove users from groups, and change group permissions.
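The cookie-scoping behaviour behind that token leak, as an added illustration that is not CyberArk's or Microsoft's code: a cookie set with a Domain attribute covering a whole parent domain is attached to any request for a subdomain of it, including an image load from a subdomain an attacker has claimed through a dangling DNS record. The domain names, cookie names and the second host-only cookie used for comparison are hypothetical.

```javascript
// Added illustration (not CyberArk's or Microsoft's code) of why an <img> load
// from a taken-over subdomain receives the victim's parent-domain cookie.
// All hostnames and cookie names below are hypothetical.

// RFC 6265 section 5.1.3 domain matching, simplified: a request host matches a
// cookie domain if they are equal or the host ends with "." + domain.
// (Ignores IP-address hosts and public-suffix rules for brevity.)
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === dom || host.endsWith("." + dom);
}

// Minimal cookie jar: each cookie records whether it is host-only (no Domain
// attribute, sent only to the exact host that set it) or scoped to a domain
// and every subdomain beneath it.
class CookieJar {
  constructor() { this.cookies = []; }

  // Simulates a Set-Cookie header received from `originHost`.
  setCookie(originHost, name, value, attrs = {}) {
    this.cookies.push({
      name,
      value,
      domain: attrs.domain ? attrs.domain.replace(/^\./, "") : originHost,
      hostOnly: !attrs.domain,
      secure: !!attrs.secure,
    });
  }

  // The cookies a browser would attach to a request for `url`.
  cookiesFor(url) {
    const u = new URL(url);
    return this.cookies.filter((c) => {
      if (c.secure && u.protocol !== "https:") return false;
      return c.hostOnly ? u.hostname === c.domain : domainMatches(u.hostname, c.domain);
    });
  }
}

// What the operator of the host behind `imgSrc` learns when the victim's
// client renders <img src=imgSrc>: the names of every cookie attached.
function leakedCookieNames(jar, imgSrc) {
  return jar.cookiesFor(imgSrc).map((c) => c.name).sort();
}

function demo() {
  const jar = new CookieJar();
  // Constructed scenario: the chat app sets its auth token cookie with a
  // Domain attribute covering the whole parent domain (the weak pattern) ...
  jar.setCookie("teams.example.test", "authtoken", "tok-123",
    { domain: ".teams.example.test", secure: true });
  // ... and, for comparison, a second token as a host-only cookie.
  jar.setCookie("teams.example.test", "hostonly_token", "tok-456", { secure: true });

  // Hypothetical dangling subdomain that an attacker has claimed.
  const attackerImg = "https://stale-dev.teams.example.test/cat.gif";
  return {
    // The domain-scoped token rides along to the attacker's subdomain.
    attacker: leakedCookieNames(jar, attackerImg),
    // A host outside the parent domain gets nothing.
    unrelated: leakedCookieNames(jar, "https://evil.example.test/cat.gif"),
    // Secure cookies are withheld from a plain-http load of the same image.
    plainHttp: leakedCookieNames(jar, "http://stale-dev.teams.example.test/cat.gif"),
  };
}

console.log(JSON.stringify(demo()));
```

The `hostonly_token` line shows the contrast a defender cares about: a host-only cookie never reaches a sibling subdomain, so the takeover of `stale-dev.teams.example.test` would have yielded nothing. Removing the dangling DNS record, as Microsoft did, closes the other half of the chain by taking the subdomain out of the attacker's hands.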
CyberArk said it reported the vulnerability to Microsoft on March 23, and the software giant moved quickly to delete the misconfigured Domain Name System (DNS) records for the two exposed subdomains. Microsoft, which confirmed it worked with CyberArk to fix the vulnerability, issued a patch on April 20.
“While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe,” a Microsoft spokeswoman told the Post on Tuesday.