Critical flaws in Microsoft Teams can be used to allow an attacker to manipulate messages, spoof notifications and even impersonate executives, according to a report released Tuesday by Check Point Research.
Researchers found four vulnerabilities that allow attackers, including external hackers and malicious insiders, to manipulate Teams messages, conduct business email compromise or forge identities in video calls or phone messages.
Researchers found that attackers could conduct four specific types of attacks:
- Attackers could edit Teams messages without leaving the “edited” label behind in the message.
- Message notifications could be manipulated so that they appeared to be from another sender.
- Attackers could change the display name inside private chats.
- Caller identities could be altered in video and audio calls.
Teams is one of the top enterprise messaging platforms in the world, with more than 320 million users. The report comes amid a rising wave of social engineering and vishing attacks against corporate executives, political figures and others, in which attackers spread disinformation and false requests or conduct business email compromise (BEC) attacks after gaining access to privileged accounts.
Check Point researchers said the four vulnerabilities were distinct from one another and each required deep fixes to the platform.
“Each fix added a different logic layer to the platform, which overall mitigated the flaws,” Oded Vanunu, head of product vulnerability research at Check Point, told Cybersecurity Dive.
Microsoft officially tracked a notification spoofing vulnerability as CVE-2024-38197. Microsoft issued guidance on the flaw last year, and other related flaws were resolved in October. Check Point said the most recent fixes from Microsoft, completed last month, involved issues with audio and video messages.