Microsoft Teams GIF vulnerability found and fixed

Laurent Giret


Pretty much every big messaging app supports GIF sharing these days, and Microsoft Teams is not an exception. The messaging app integrates the popular Giphy GIF library right in the message bar, but it turns out there are some security risks associated with something as innocent as sharing a GIF with your colleagues.

Today, cybersecurity company CyberArk revealed that it has worked with Microsoft to fix an account takeover vulnerability in Microsoft Teams that relied on malicious GIFs. “We found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape users’ data and ultimately take over an organization’s entire roster of Teams accounts,” the company explained.

The flaw was serious because it could spread automatically, worm-like: a Teams user only had to view a malicious GIF in the desktop app or the web version of Teams to lose control of their account. Companies that used Teams exclusively for internal communication may have been less exposed, though CyberArk explained that an interaction as simple as an invitation to a conference call with an outsider could have been enough to get an account compromised.

“We worked with Microsoft Security Research Center under Coordinated Vulnerability Disclosure after finding the account takeover vulnerability. Microsoft quickly deleted the misconfigured DNS records of the two subdomains that were exposed and could be taken over. In addition, Microsoft has pushed more mitigations over the course of time and is continuing to develop more security features to prevent similar flaws in the future,” CyberArk said today. As Microsoft Teams sees increased usage during the ongoing coronavirus outbreak, it’s good to know that a core messaging feature remains as safe as you can expect.
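The fix CyberArk describes, removing misconfigured DNS records for subdomains that could be claimed by someone else, implies a routine hygiene check that any organisation can run on its own zones. The script below is an added example, not code from the article, CyberArk or Microsoft: it scans a zone export for CNAME records whose target no longer resolves, which is the dangling-record condition behind a subdomain takeover. The zone contents, hostnames and the offline stand-in resolver are constructed for this example.

```python
"""Dangling-CNAME check over a DNS zone export. A CNAME whose target no
longer resolves is the precondition for a subdomain takeover, the
misconfiguration class behind the Teams flaw. Data below is constructed."""
import socket
from typing import Callable, Dict, List, Tuple

# Constructed zone export, "owner ttl class type target" per line.
SAMPLE_ZONE = """\
www.contoso.example.     3600 IN A     203.0.113.10
app.contoso.example.     3600 IN CNAME app-prod.hosting.example.
legacy.contoso.example.  3600 IN CNAME old-tenant.hosting.example.
cdn.contoso.example.     3600 IN CNAME cdn-edge.hosting.example.
"""

def parse_cnames(zone_text: str) -> List[Tuple[str, str]]:
    """Return (owner, target) pairs for every CNAME record in the export."""
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            pairs.append((fields[0].rstrip("."), fields[4].rstrip(".")))
    return pairs

def resolves(name: str) -> bool:
    """Live resolver for real use: False when the target does not resolve."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(zone_text: str,
                         resolve: Callable[[str], bool] = resolves) -> List[Tuple[str, str]]:
    """Flag CNAMEs whose target does not resolve; each should be removed or
    re-pointed at a resource you control before someone else claims it."""
    return [(o, t) for o, t in parse_cnames(zone_text) if not resolve(t)]

# Offline demo: constructed resolver standing in for live DNS.
FAKE_DNS: Dict[str, bool] = {
    "app-prod.hosting.example": True,
    "old-tenant.hosting.example": False,  # tenant deleted, CNAME left behind
    "cdn-edge.hosting.example": True,
}

def fake_resolve(name: str) -> bool:
    return FAKE_DNS.get(name, False)

if __name__ == "__main__":
    for owner, target in find_dangling_cnames(SAMPLE_ZONE, fake_resolve):
        print(f"DANGLING: {owner} -> {target}")
```

Against a real zone export, drop the `fake_resolve` argument so the live `resolves` check is used; a target that no longer resolves is the record to remove or re-claim before anyone else does.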