A vulnerability in Microsoft Teams, discovered by cybersecurity researchers, could have allowed attackers to take over user accounts by getting a victim to view a GIF image in a chat. Microsoft fixed the flaw on its side in April, and there have been no reports of it being exploited in the wild.
Researchers at CyberArk found that, by exploiting a subdomain takeover vulnerability affecting GIFs that Teams embeds in messages by URL, attackers could have gained access to a victim's Teams account data, messages, and files. The victim did not have to click anything: Teams loads the image automatically when the message is displayed. Given how widely Teams was used during the pandemic, the flaw could have exposed a very large number of users.
A subdomain takeover becomes possible when a subdomain that once pointed at a third-party service (typically through a CNAME record) is no longer in use, but the DNS record is never removed. Anyone who can register the abandoned target with the hosting provider then controls whatever is served under the original subdomain. In this case CyberArk identified two such names under teams.microsoft.com (aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com). The GIF itself carried no payload; its URL simply pointed at a subdomain the attacker controlled. Because the Teams authentication cookie ("authtoken") is scoped to teams.microsoft.com and all of its subdomains, the browser attached it to the image request, handing the attacker a token that could be exchanged for access to the victim's Teams data. Merely viewing the message was enough.
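The two conditions described above, a dangling CNAME and a cookie whose Domain attribute covers the dangling name, can be checked mechanically. The script below is a worked example added here by the editor; it is not code from the article or from CyberArk. It runs offline on constructed data: the two *.teams.microsoft.com names are the ones CyberArk reported, while every CNAME target, the resolver answers, the "legacy-teams" name and the Set-Cookie header (including the token value) are invented placeholders.

```python
"""Worked example (added by the editor, not from the article or CyberArk).

Two checks that together explain the Teams GIF issue:
  1. find DNS names whose CNAME target no longer resolves (claimable), and
  2. decide, per RFC 6265 domain matching, whether a cookie scoped to the
     parent domain would be sent to such a name.

Everything below runs offline on constructed data.  The two
*.teams.microsoft.com names are the ones CyberArk reported; every CNAME
target, the resolver answers and the Set-Cookie header are placeholders.
"""

import ipaddress

# Constructed zone snapshot: name -> CNAME target, or None for a name that
# has its own A/AAAA record.  All targets are invented placeholders.
# "legacy-teams.microsoft.com" is fictitious and is included only to show
# that a plain string-suffix check would be wrong.
SAMPLE_ZONE = {
    "teams.microsoft.com": None,
    "aadsync-test.teams.microsoft.com": "retired-app-1.example-host.net",
    "data-dev.teams.microsoft.com": "retired-app-2.example-host.net",
    "legacy-teams.microsoft.com": "retired-app-3.example-host.net",
}

# Constructed stand-in for a resolver: which CNAME targets still resolve.
# In practice replace this with a real lookup (e.g. dnspython) and treat
# NXDOMAIN on the target as "claimable".
SAMPLE_RESOLVES = {
    "retired-app-1.example-host.net": False,  # deprovisioned, NXDOMAIN
    "retired-app-2.example-host.net": True,   # still served by its owner
    "retired-app-3.example-host.net": False,
}

# Constructed Set-Cookie header modelled on a cookie scoped to the parent
# domain; the token value is a placeholder, not a real authtoken.
SAMPLE_SET_COOKIE = (
    "authtoken=PLACEHOLDER_TOKEN; Domain=.teams.microsoft.com; "
    "Path=/; Secure; HttpOnly"
)


def find_dangling_cnames(zone, resolves):
    """Return, sorted, every name whose CNAME target no longer resolves.

    A name whose target is gone is a takeover candidate: whoever registers
    that target with the hosting provider now answers for the name.
    """
    return sorted(
        name for name, target in zone.items()
        if target is not None and not resolves.get(target, False)
    )


def cookie_domain_matches(request_host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching.

    The host matches when it equals the cookie domain or ends with
    "." + cookie_domain; hosts that are IP addresses never suffix-match.
    """
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    return host.endswith("." + domain)


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attr_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def hosts_leaking_cookie(set_cookie_header, zone, resolves):
    """Dangling names under the cookie's Domain that would receive the cookie.

    Any image, script or XHR request to one of these names is sent with the
    cookie by the browser, which is what let a GIF URL leak the token.
    """
    _, _, attrs = parse_set_cookie(set_cookie_header)
    domain = attrs.get("domain")
    if domain is None:
        # Host-only cookie: only the exact origin host receives it, so a
        # sibling subdomain cannot leak it.
        return []
    return [
        host for host in find_dangling_cnames(zone, resolves)
        if cookie_domain_matches(host, domain)
    ]


if __name__ == "__main__":
    print("dangling:", find_dangling_cnames(SAMPLE_ZONE, SAMPLE_RESOLVES))
    print("would receive the cookie:",
          hosts_leaking_cookie(SAMPLE_SET_COOKIE, SAMPLE_ZONE, SAMPLE_RESOLVES))
```

The point of combining the two checks is that a dangling record is only as dangerous as the trust attached to its parent domain: a forgotten CNAME under an unauthenticated domain is a phishing aid, while one under a domain that carries a session cookie is an account-takeover path. Note also that the host-only branch matters: had the token been a host-only cookie for teams.microsoft.com, the browser would not have sent it to any subdomain.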
CyberArk's responsible disclosure prompted Microsoft to act quickly: the misconfigured DNS records were removed, closing the attack path without any action required from users. The general advice still applies: keep Teams and the operating system up to date, and be cautious with links and files from untrusted sources. For organizations that run their own services, the more specific lesson is to audit DNS for records that still point at decommissioned services, since a dangling record under a trusted domain inherits that domain's trust, including any cookies scoped to it.