A newly discovered vulnerability in Microsoft Teams allows attackers to push malware onto the devices of other Microsoft Teams users, even when the attackers are considered external users.
IT security researchers at Jumpsec have discovered a new vulnerability in Microsoft Teams. The vulnerability may be exploited to bypass traditional security protections, e.g., against phishing or malware, to push malicious files to the devices of Microsoft Teams users.
The vulnerability allows external users to send files directly to internal users. The file is displayed alongside the message, which can be specially crafted to get the target to open the file on their machine.
The researchers explain: "Exploitation of the vulnerability was straightforward using a traditional IDOR technique of switching the internal and external recipient ID on the POST request [...]".
The delivered file is hosted on a SharePoint domain, but the target's inbox displays it as a file, not a link. The file is downloaded when the user activates it.
Jumpsec notes that the vulnerability is a "potentially lucrative avenue for threat actors to deliver payloads" as it bypasses anti-phishing security controls. An attacker would have to buy a domain and register it with M365, but they would not have to use "mature domains, with web servers, landing pages, CAPTCHAs, domain categorisation, and URL filtering".