Microsoft, the American Tech Giant has issued a fix to the security vulnerability which exposed the users of its Microsoft Teams to GIF based Cyber Attacks which could have otherwise allowed hackers to take over data related to targeted systems.
Going deep into the matter, on March 23, 2020, a team of researchers from CyberArk has issued a warning to Microsoft about a security issue that allows the threat actors to take over an account or steal data of those who viewed GIFs on the Teams account.
The Redmond giant took note of the issue and issued a fix on Monday last week where the compromised subdomain serving up the malicious images was updated with misconfigured DNS records.
Now, to those who did not understand the true concept of this attack, here’s a gist in basic language- Microsoft Teams exhibited a subdomain vulnerability which could have been exploited by an attacker to weaponize a GIF Image and use it to steal data and spread malware like ransomware on the targeted systems.
The attack involved tweaking of weaknesses in the Application Programming Interface(API) which is used to communicate between services and servers.
NOTE- Microsoft Team is a chat-based communication and collaboration platform which allows users to chat with team-mates, video meet and allow applications to be integrated. And like other chat apps, it also allows its users to send team-mates or colleagues animated GIF images depending on the situation, context, and mood of the user. Researchers from CyberArk have discovered that a security hole in this Microsoft subdomain allowed hackers to serve malicious images which later can be used to scrape data from their accounts and lead to data thefts and corporate espionage.