Yikes! Microsoft Teams exploit revealed by US Navy — here's how to stop it
Member of US Navy uses exploit to hack Microsoft Teams
According to a report on Neowin, a member of the US Navy exploited a flaw in Microsoft Teams' code. Hypothetically it could be used by hackers to send malicious attachments to a Teams group from an outside source.
Alex Reid, a member of the US Navy's Red Team (a cybersecurity team within the Navy), published the "TeamsPhisher" tool on GitHub. The Red Team's stated purpose is to simulate hacker attacks and then create solutions to use in defense against these hacker attacks.
How to protect against this Microsoft Teams exploit
According to the README file on GitHub, businesses using Teams can circumvent exploits like the TeamsPhisher and block it from accessing user meetings" by managing the options related to external access via the Microsoft Teams admin center under Users -> External access." Teams admins can set up a "universal block as well as allowing only specific external tenants for communications."
For its part, a Microsoft spokesperson responded to Bleeping Computer, stating that they were aware of the report, but noted the exploit relies on social engineering to be successful. Then Microsoft encouraged its users "to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers."
To me, it sounds like Microsoft doesn't see this as a major issue, and that it is up to users of Microsoft Teams to police themselves and not accept or open files or links of unknown origins.
This is good basic advice for any time you're using the internet, but it seems a little dismissive in the grand scheme of things because it's been proven by the US Navy your product is broken and needs to be fixed.
Stay in the know with Laptop Mag
Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.
Mark has spent 20 years headlining comedy shows around the country and made appearances on ABC, MTV, Comedy Central, Howard Stern, Food Network, and Sirius XM Radio. He has written about every topic imaginable, from dating, family, politics, social issues, and tech. He wrote his first tech articles for the now-defunct Dads On Tech 10 years ago, and his passion for combining humor and tech has grown under the tutelage of the Laptop Mag team. His penchant for tearing things down and rebuilding them did not make Mark popular at home, however, when he got his hands on the legendary Commodore 64, his passion for all things tech deepened. These days, when he is not filming, editing footage, tinkering with cameras and laptops, or on stage, he can be found at his desk snacking, writing about everything tech, new jokes, or scripts he dreams of filming.