- Microsoft Teams Guest Chat Feature Creates Unprotected Attack Vector for Malware and Phishing
- Guests rely on host security, allowing bad actors to bypass typical protections.
- Businesses are advised to restrict external invitations, disable external chats and train staff on phishing risks.
A feature recently added to Microsoft Teams has introduced what researchers call a "fundamental architectural gap": a weakness that could be abused to deliver malware, share phishing links and more, all without triggering the victim organization's usual security alarms, experts have warned.
Cybersecurity researchers at Ontinue found that the guest access feature in Microsoft Teams creates an unprotected attack vector.
The feature lets any Teams user start a new chat with anyone simply by entering their email address. Even if the recipient does not use Teams, they receive an email invitation and can join the chat as a guest. By default, the feature is enabled for eligible licenses (SMB licenses such as Teams Essentials, Business Basic, Business Standard and others).
Bypass security protocols
However, when someone joins another organization's Teams environment as a guest, they do not bring their own security controls with them: the chat is governed by the host tenant's policies, not by the guest's own.
So if the host tenant is controlled by an attacker and has no such controls, it can share malicious files with guests without raising an alarm. And because the conversation takes place outside the victim's own tenant, the victim's security tooling never sees it and cannot warn them of the risk either.
In theory, a malicious actor could pose as someone, invite the victim to a Teams chat, and ask them to open a phishing link or download malware. Since the invitation is sent through Microsoft’s own infrastructure and the conversation takes place in Teams, the victim may let their guard down.
At the time of writing, Microsoft has not commented on the matter or responded to media inquiries.
In the meantime, businesses are advised to limit external Teams invitations to trusted domains only and to control cross-tenant access.
They could also disable external chats entirely, and should inform employees about phishing attacks and unsolicited messages, regardless of the platform they come from.
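The article names the recommended controls but not the tenant settings behind them. The PowerShell below, added here as an example and not taken from the article or from Ontinue, shows one way a Teams administrator could implement them with the MicrosoftTeams and Microsoft.Graph modules: first inspect the current federation settings, then restrict external chat to an allow list of trusted domains, block chat with unmanaged personal Teams accounts, and block outbound cross-tenant collaboration so that the organization's own users cannot be pulled into a stranger's tenant as guests. The partner domains are constructed placeholders, and the mapping of the article's advice onto these particular settings is an assumption to verify against current Microsoft documentation before applying it to a production tenant.

```powershell
# Added example, not the article's or Ontinue's code. Requires:
#   Install-Module MicrosoftTeams
#   Install-Module Microsoft.Graph.Identity.SignIns
# and an account with Teams and Entra ID administrator rights.

Connect-MicrosoftTeams

# 1. Record the current tenant-wide federation settings before changing anything.
#    A default SMB tenant typically has AllowFederatedUsers = True with an empty
#    AllowedDomains list (any domain may chat in) and AllowTeamsConsumer = True.
$before = Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer,
                  AllowTeamsConsumerInbound, AllowPublicUsers
$before | Format-List

# 2. Restrict external (federated) chat to an explicit allow list of trusted domains.
#    Users in any tenant outside this list can no longer start a chat with your users.
$trustedDomains = @("partner-a.example", "partner-b.example")   # constructed placeholders
$patterns  = $trustedDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

$federation = @{
    AllowFederatedUsers       = $true        # keep federation, but only with the allow list
    AllowedDomains            = $allowList
    AllowTeamsConsumer        = $false       # no chat with personal (unmanaged) Teams accounts
    AllowTeamsConsumerInbound = $false       # and none initiated from the consumer side
    AllowPublicUsers          = $false       # no Skype consumer accounts
}
Set-CsTenantFederationConfiguration @federation

# 3. Stricter option the article mentions: disable external chat entirely by turning
#    federation off in the global external access policy. Uncomment to apply.
# Set-CsExternalAccessPolicy -Identity Global `
#     -EnableFederationAccess $false -EnableTeamsConsumerAccess $false

# 4. Control cross-tenant access on the Entra ID side. The attack path in the article
#    has the victim join the attacker's tenant as a guest, which is *outbound* B2B
#    collaboration from the victim's organization. Blocking it by default (and then
#    allowing specific partner tenants through per-organization settings in the Entra
#    admin center) removes that path. The hashtable follows the Graph
#    crossTenantAccessPolicyB2BSetting schema; confirm it against current docs.
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

$outboundBlocked = @{
    UsersAndGroups = @{
        AccessType = "blocked"
        Targets    = @(@{ Target = "AllUsers"; TargetType = "user" })
    }
    Applications = @{
        AccessType = "blocked"
        Targets    = @(@{ Target = "AllApplications"; TargetType = "application" })
    }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -B2BCollaborationOutbound $outboundBlocked

# 5. Verify the Teams side took effect and show the before/after difference.
$after = Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer,
                  AllowTeamsConsumerInbound, AllowPublicUsers
$after | Format-List
Compare-Object $before $after -Property AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowPublicUsers
```

Apply step 4 only after confirming which partner tenants your users legitimately collaborate with, because a blanket outbound block stops those guest memberships too; the usual pattern is to block by default and add partner organizations explicitly. None of these settings replaces the user-awareness point the article makes: an invitation that arrives from Microsoft's own infrastructure still deserves the same scrutiny as any unsolicited email.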
Via Hacker News