Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software

From thehackernews.com

Microsoft teams vulnerabilities

Microsoft said it won’t be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March.

The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could “allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and DoS’ing their Teams app/channels.”

Of the four vulnerabilities, Microsoft is said to have addressed only one that results in IP address leakage from Android devices, with the tech giant noting that a fix for the denial-of-service (DoS) flaw will be considered in a future version of the product. The issues were responsibly disclosed to the company on March 10, 2021.

Read more…