Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Mark Anthony Ramirez

Yikes! Microsoft Teams exploit revealed by US Navy — here's how to stop it

Microsoft Teams has a massive security problem, the US Navy

According to a report on Neowin, a member of the US Navy exploited a flaw in Microsoft Teams' code. Hypothetically it could be used by hackers to send malicious attachments to a Teams group from an outside source. 

Alex Reid, a member of the US Navy's Red Team (a cybersecurity team within the Navy), published the "TeamsPhisher" tool on GitHub. The Red Team's stated purpose is to simulate hacker attacks and then create solutions to use in defense against these hacker attacks. 

How to protect against this Microsoft Teams exploit

(Image credit: Future)

According to the README file on GitHub, businesses using Teams can circumvent exploits like the TeamsPhisher and block it from accessing user meetings" by managing the options related to external access via the Microsoft Teams admin center under Users -> External access." Teams admins can set up a "universal block as well as allowing only specific external tenants for communications."

For its part, a Microsoft spokesperson responded to Bleeping Computer, stating that they were aware of the report, but noted the exploit relies on social engineering to be successful. Then Microsoft encouraged its users "to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers."

To me, it sounds like Microsoft doesn't see this as a major issue, and that it is up to users of Microsoft Teams to police themselves and not accept or open files or links of unknown origins.

This is good basic advice for any time you're using the internet, but it seems a little dismissive in the grand scheme of things because it's been proven by the US Navy your product is broken and needs to be fixed.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.