Microsoft Teams Bugs Leave Users Vulnerable

1062
Winback Email Campaigns: How To Draft And Design

The coronavirus pandemic impacted the world in all kinds of ways – some direct, others less so. One way it technologically impacted people was through the temporary closure of offices, necessitating the “work from home” revolution. While remote work had been possible for years, thanks to cloud-based communication tools like Slack and assorted collaboration apps like Google Docs, COVID pushed workplaces to rapidly adopt these as a key part of their day-to-day operations.

For many, this has been an extremely positive move. Technology now makes it easy for teams to work together even when they’re geographically separated through high-speed internet and the use of software that lets employees talk to one another and exchange documents or notes in a way that’s almost as seamless (and, on occasion, more seamless) than sitting next to one another in an office.

But not everything has been smooth sailing. The fast-paced pivot to remote work and the growing reliance on collaborative platforms has opened up some security vulnerabilities that can pose a considerable threat to businesses. Remote working has meant a rise in attacks such as Server-Side Request Forgery (SSRF) attacks, in which attackers abuse server functionality to illicitly access or modify resources – thereby opening up new types of threats which must be addressed.

The Microsoft vulnerabilities

One recent illustration of the security challenges remote working platforms can cause was a series of vulnerabilities in Microsoft Teams, the business communication tool that serves as Microsoft’s proprietary answer to Slack. These four vulnerabilities, three of which remain unpatched, potentially allowed attackers to carry out link spoofing of web addresses, as well as posing the possibility of letting Android users be targeted with Denial of Service (DoS) attacks.

The vulnerabilities were discovered by researchers for Positive Security. Two of the four vulnerabilities reportedly affect Android users only – with one that allows bad actors to send malicious Teams messages using the Android app in such a way that it will continuously crash the app chat or channel. Ultimately, Microsoft declined to patch several of the vulnerabilities, saying that they posed limited risk to users.

New types of attack

Regardless of whether this is the case, the fact remains that security threats such as these are a new concern for companies. These attacks open up new ways that businesses and other organizations can be targeted by cyber criminals. In some cases, DDoS (Distributed Denial of Service) attacks can be used to knock websites and online services offline, resulting in unasked-for downtime and, potentially, dented customer loyalty.

In other instances, attackers can abuse vulnerabilities or engage in social engineering attacks such as phishing to perform account takeovers. Once inside systems, they could then potentially exfiltrate data, carry out vandalism, eavesdrop regarding sensitive information, plant malware, or multiple other nefarious use-cases. The more tools that companies rely on, the more potential vulnerable points they have that could be abused.

The patching problem

In the vast majority of cases, developers will rush to patch software once they have been alerted to potential vulnerabilities. These patches correct lines of code that allow vulnerabilities or bugs to be exploited in a way that could harm users.

But patching isn’t perfect. Vulnerabilities may take time to be discovered. Zero-day vulnerabilities, for instance, refer to those not yet known to developers, which attackers can exploit before the problem is fully understood. Patches must also be installed by users before they take effect, meaning that organizations with a backlog of patches to install (which, considering the vast number of software packages most organizations use, is more common than you might expect) can remain unprotected. In many cases, attackers will continue to target certain vulnerabilities, knowing that a proportion of users are unlikely to have installed the necessary patches.

The right tools for the job

Patching is extremely valuable, but it’s therefore not the only solution to the problem. Fortunately, there are other tools which can help. For example, Web Application Firewalls (WAFs) can safeguard against attacks like SSRF attacks. Meanwhile, Runtime Application Self-Protection (RASP) measures can uncover real-time attacks as they take place and stop these from taking place. Then there’s the likes of API security, DDoS protection, Advanced Bot Protection, and more. Deploying defenses like Web Application & API Protection (WAAP) is a game-changer when it comes to keeping you and your users safe in a world of remote working.

The world of remote working and workplace collaboration platforms isn’t going away. Nor would many people want them to, given the ways in which they’re helping to revolutionize work as we know it. What is needed are ways to mitigate the risks, while allowing users and organizations alike to enjoy the positives. By utilizing the right defenses, you can do exactly that.

It’s one of the smartest moves any business can do.