Another Microsoft Teams vulnerability has been recently disclosed that allows for the introduction of malware. Jumpsec Labs has shared its research regarding exploiting the Microsoft Teams External Tenants feature “which allows for the possible introduction of malware into any organizations using Microsoft Teams in its default configuration.”

The exploit that Jumpsec Labs researchers found involved “bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff,” thus circumventing many forms of network protection. A few simple social engineering techniques makes it quite difficult for staff to detect a threat actor in enough time to prevent the introduction of malware through these platforms that are largely considered trusted. The blog provides multiple suggestions for tightening permission for external tenants based off an organization’s needs, which members are recommended to review if they utilize Teams heavily. Most notably, consider blocking external tenants from being able to contact employees. Additionally, members are encouraged to educate end users on the potential for trusted collaboration platforms such as Teams, Sharepoint, or Slack to be used by malicious actors in social engineering attacks. Read more at Jumpsec Labs.