Microsoft Team Vulnerability

Published On: June 27, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team reviews the findings related to a vulnerability in Microsoft Team and some remediation steps.

The vulnerability was found by JUMPSEC Labs, and they noticed a flaw with the default Microsoft Team configuration that could allow bypassing client-side security control. Threat actors could exploit this vulnerability to deliver malware using maliciously crafted files, tricking the user into accepting and clicking on the file.

It is important to remember that external messages usually come with a warning banner mentioning that the message comes from an external sender.

Microsoft has acknowledged the issue but hasn’t released a patch at the moment. Microsoft advises Teams users to be careful when interacting with email and messages from external tenants.

SensCy recommends that your organization reviews external tenant permission to message your organization’s employees to maintain allow lists for trusted external tenants.

If you have any questions, don’t hesitate to get in touch with your Cyber Advocate.

Related Posts

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version 126 immediately. The new update patches [...]

  • June 6, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 99 vulnerabilities discovered, including 82 WordPress plugin. [...]