Microsoft Teams Account Vulnerable Due To GIF Glitch

There are many ways to become exposed to cybercriminals. The number of cybercrimes has increased, and so have the ways these crimes are carried out. A recently discovered vulnerability in Microsoft Teams can be exploited simply by using a GIF. It sounds crazy, but an account on Microsoft Teams can actually be hacked just because a GIF was viewed in it. The flaw was discovered by researchers at CyberArk, and after it came to its notice, Microsoft patched the vulnerability for good.

This vulnerability exists because of a loophole in the way Microsoft generates access tokens. Access tokens are created by the Microsoft Teams client, and they include the login token as well as tokens for other tasks. There is also an access token for sharing images, called the 'Skype token'. The Microsoft Teams client stores this token on teams.microsoft.com, and there are other subdomains as well. Two vulnerable subdomains, aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com, are what lead to this flaw.

The attacker can use the vulnerable subdomains to obtain auth token cookies. The attacker sends a malicious GIF to the user, and all it takes is for the user to open the message. Once the message is opened, the browser loads the GIF, and this leads to the generation of token cookies in the vulnerable subdomains. With the auth token cookies, the hacker simply gains access to the account on Microsoft Teams. Once the malicious GIF is opened in a web browser or on the desktop, the hacker can easily access the account without anyone knowing. This vulnerability was discovered and reported in March, and Microsoft patched it in April. It is one of the craftier and more unexpected ways of exploiting a vulnerability reported recently.
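To show why the two subdomains matter for tokens stored on teams.microsoft.com, the following added example (not from the original article, CyberArk or Microsoft) applies the RFC 6265 domain-matching rule to list which untrusted hosts would receive a given cookie. Only the hostnames come from the article; the cookie names, their Domain attributes and the trusted/untrusted flags are assumptions for illustration.

```python
"""Audit which hosts fall inside a cookie's Domain scope (RFC 6265 domain-matching)."""
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(request_host, cookie_domain):
    """RFC 6265 5.1.3: exact match, or a dot-bounded suffix of a non-IP host."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    if host == dom:
        return True
    return host.endswith("." + dom) and not _is_ip(host)

def cookie_sent_to(cookie, request_host):
    """No Domain attribute means host-only: sent only to the host that set it."""
    if cookie.get("domain") is None:
        return request_host.lower() == cookie["set_by"].lower()
    return domain_match(request_host, cookie["domain"])

def audit(cookies, inventory):
    """Return {cookie name: sorted untrusted hosts that would receive it}."""
    findings = {}
    for c in cookies:
        exposed = sorted(h for h, trusted in inventory.items()
                         if not trusted and cookie_sent_to(c, h))
        if exposed:
            findings[c["name"]] = exposed
    return findings

# Constructed sample data. Hostnames are those named in the article; the
# trust flags, cookie names and Domain attributes are assumptions.
INVENTORY = {
    "teams.microsoft.com": True,
    "aadsync-test.teams.microsoft.com": False,
    "data-dev.teams.microsoft.com": False,
}
COOKIES = [
    {"name": "token_wide", "domain": ".teams.microsoft.com", "set_by": "teams.microsoft.com"},
    {"name": "token_host_only", "domain": None, "set_by": "teams.microsoft.com"},
]

if __name__ == "__main__":
    for name, hosts in audit(COOKIES, INVENTORY).items():
        print(f"{name}: also sent to untrusted hosts {hosts}")
```

A cookie scoped to the parent domain reaches every subdomain, so each subdomain becomes part of the token's trust boundary; the host-only cookie in the sample is not flagged.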
