4 vulnerabilities in MS Teams

A team of researchers  have recently discovered 4 vulnerabilities in Microsoft Teams.

  1. SSRF
  2. Spoofing
  3. IP Address Leak (Android)
  4. Denial of Service aka Message of Death (Android)

All of them were reported to Microsoft but so far, the only one that has been patched is the IP Address Lead (Android) which is technically one of the two strong vulnerabilities.

According to the researches the rest are still not patched specially the Spoofing which can be a open door for phishing attacks. When clicking the preview, a different link is opened than what was expected by the user. This can be used either for improved phishing attacks, or to hide malicious links.

There is no promise from Microsoft whether they will patch the other 3 or not, but for our users, we can tell them to rest assured that SafeDNS is and will be blocking all phishing links as long as they have our DNS filter on.