Researchers discovered an attack route in August that allows malicious actors with file system access to steal Microsoft Teams login credentials.
The Vectra Protect team claimed in a Sept. 13 blog post that attackers don’t need elevated permissions to view these files, exposing them to any attack that gives them local or remote system access.
Researchers noted this issue affected Windows, Mac, and Linux commercial and Government Community Cloud Desktop Team customers.
Microsoft was aware of this issue and closed the file in late August, saying it didn’t satisfy its criteria for quick servicing. Vectra analysts urge users to use the web-based Teams application until Microsoft updates the Teams Desktop Application.
The researchers Advise
The researchers advised security teams could adopt Microsoft Edge’s web-based Teams client to prevent token breaches. The Teams online version is powerful and offers most desktop client features, minimizing productivity consequences. Moreoever for consumers who must use the installed desktop programme, the researchers said it’s vital to monitor key application files for access by other processes.
Aaron Turner, CTO, SaaS Protect at Vectra, said Microsoft hasn’t modified its attitude.
Researchers found a way for attackers with file system access to acquire Microsoft Teams login credentials in August. Moreover the Vectra Protect team claimed in a Sept. 13 blog post that attackers don’t need elevated permissions to view these files, exposing them to any attack that gives them local or remote system access.
However, researchers noted this issue affected Windows, Mac, and Linux commercial and Government Community Cloud Desktop Team customers.
Microsoft was aware of this issue and closed the file in late August, saying it didn’t satisfy its criteria for quick servicing. Vectra analysts urge users to use the web-based Teams application until Microsoft updates the Teams Desktop Application.
However, the researchers advised security teams could adopt Microsoft Edge’s web-based Teams client to prevent token breaches. The Teams online version is powerful and offers most desktop client features, minimising productivity consequences. Furthermore, for users who must use a desktop software, it’s crucial to monitor key application files for access by other processes, researchers say.
Aaron Turner, CTO, SaaS Protect at Vectra, said Microsoft hasn’t modified its attitude.
Read More:
- Microsoft upcomming surface pro 9 with next gen Snapdragon
- Track Xbox Series X UK sales on Twitter, Amazon, Currys, Microsoft, and more
- iOS 16 added recently deleted messages option and here’s how to find it