Microsoft Team Vulnerability

Published On: June 27, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team reviews the findings related to a vulnerability in Microsoft Team and some remediation steps.

The vulnerability was found by JUMPSEC Labs, and they noticed a flaw with the default Microsoft Team configuration that could allow bypassing client-side security control. Threat actors could exploit this vulnerability to deliver malware using maliciously crafted files, tricking the user into accepting and clicking on the file.

It is important to remember that external messages usually come with a warning banner mentioning that the message comes from an external sender.

Microsoft has acknowledged the issue but hasn’t released a patch at the moment. Microsoft advises Teams users to be careful when interacting with email and messages from external tenants.

SensCy recommends that your organization reviews external tenant permission to message your organization’s employees to maintain allow lists for trusted external tenants.

If you have any questions, don’t hesitate to get in touch with your Cyber Advocate.

Related Posts

  • February 28, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. Below are the new available [...]

  • February 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, February 13, 2023. Today’s Patch Tuesday comes fix [...]

  • February 7, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. The new update remediate two [...]