Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Microsoft Patches Teams Vulnerability

April 28, 2020

Video conferencing has seen a tremendous increase since the beginning of the coronavirus pandemic. As a result, cyber criminals are scanning and targeting applications such as Zoom, Microsoft Teams, GoToMeeting, Webex, etc. It's no secret that Zoom has been in the crosshairs for the past several months, but its competitors are not immune to vulnerabilities either. Naked Security reported that the Israeli security company CyberArk identified a vulnerability in Teams. Without getting into the propeller head technical explanation, two problems were identified. Two Teams sub-domains were improperly exposed and able to be exploited. The second issue was the way Teams validates authentication tokens.

Microsoft fixed the DNS records to stop improper access to the sub-domains and has released a patch to fix the authentication vulnerability. CyberArk worked with Microsoft to fix the discovered problems. Nothing is 100% secure and I fully expect other vulnerabilities to be discovered for the other video conferencing applications in the future. The challenge will be for companies like CyberArk to find the vulnerabilities before the cyber criminals do.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com