As more people work remotely from home, your collaboration tools need more scrutiny. A popular choice for instant messaging and video conferencing is Microsoft’s Teams, and securing this application will be a challenge.
Teams has already had one major exploit that would allow a malicious actor to use the Microsoft Teams Updater to download any binary or malicious payload. Researchers discovered it earlier this summer by using a workaround for a previous patch issued for Teams. The exploit involves many steps: it leverages a remote Server Message Block (SMB) share to bypass limitations placed on Teams to update via a URL. This means that an attacker needs to be on a network near the intended victim and use a variety of scenarios to install the malware of their choice.
When researchers contacted Microsoft, the software giant claimed this was a feature, not a bug, and that several of its customers use the remote SMB access to update their Teams installation. So it still remains an issue.
In another case, a ransomware attack on Canon brought down its Teams installation. While not directly related to the security of Teams, it shows the need for securing this channel and having a contingency plan in your post-attack playbooks for how to communicate if you can’t access Teams.
Microsoft has been busy updating Teams recently. Most of its newest features are only available on the latest version of its Windows desktop app that was released at the end of July; the web browser and Mac versions are not yet anywhere near feature parity. If you haven’t yet updated your Teams clients, you should do so ASAP.