Microsoft Teams, which has been surging in usage over the last few months, has responded to and fixed the platform's first major security flaw.
The flaw, uncovered by Evolution Gaming, was that there was an XSS vulnerability in the 'teams.microsoft.com' domain. The attacker would send a particular message to any Teams channel or user, launching an exploit that runs silently. The code would give the attacker full access to devices and internal networks.
Avanan security analysts tested this shortly after it was published, and verified it was fixed.
While this was caught before any major damage was done, it is illustrative of the potential major problems coming down the pike with Teams.
As we wrote a few weeks ago, Avanan stopped a Teams-based attack that would've installed a Remote Access Trojan at a major financial institution, giving the hacker unfettered access to documents, files and data.
Avanan has secured the Teams environments of over 150 organizations, and are one of a few companies to be able to tombstone malicious files and messages.
Our Teams solution can help prevent major exploits like this one from reaching your end-users.
