Microsoft has disclosed that a since-patched flaw allowed an attacker to take over an organization’s entire system of Microsoft Teams accounts. The subdomain takeover vulnerability in the company’s collaboration platform, Microsoft Teams, potentially allowed an inside attacker to create a malicious GIF image that was then used to steal data from targeted systems and take over all accounts.
The attack involved luring victims into opening a malicious GIF image, according to CyberArk researchers. CyberArk also created a proof-of-concept of the attack. Last Monday, Microsoft patched the vulnerability after it was reported by researchers on March 23.
Read More: Single Malicious GIF Opened Microsoft Teams to Nasty Attack