Microsoft Team Vulnerability

Published On: June 27, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team reviews the findings related to a vulnerability in Microsoft Team and some remediation steps.

The vulnerability was found by JUMPSEC Labs, and they noticed a flaw with the default Microsoft Team configuration that could allow bypassing client-side security control. Threat actors could exploit this vulnerability to deliver malware using maliciously crafted files, tricking the user into accepting and clicking on the file.

It is important to remember that external messages usually come with a warning banner mentioning that the message comes from an external sender.

Microsoft has acknowledged the issue but hasn’t released a patch at the moment. Microsoft advises Teams users to be careful when interacting with email and messages from external tenants.

SensCy recommends that your organization reviews external tenant permission to message your organization’s employees to maintain allow lists for trusted external tenants.

If you have any questions, don’t hesitate to get in touch with your Cyber Advocate.

Related Posts

  • Apple Zero-Day Vulnerability

    September 22, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day [...]

  • Microsoft Patch Tuesday

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, September 12, 2023. Today’s Patch Tuesday comes with [...]

  • Google Chrome 116 Update

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. Google announced a new update [...]