Tenable's Zero-Day Research Team has disclosed a serious vulnerability in Microsoft Teams. By abusing Power Apps functionality (a separate product used within Teams for building and using custom business apps), threat actors could gain persistent read/write access to a victim user's email, Teams chats, OneDrive, SharePoint, and a variety of other services by way of a malicious Microsoft Teams tab and Power Automate flows.
Exploitation of this vulnerability is limited to authenticated users within a Teams organisation who have the ability to create Power Apps tabs, meaning it can't be exploited by an untrusted or unauthenticated attacker. However, the permission to create these tabs is enabled by default, meaning a third-party contractor, a disgruntled employee, or even an ex-employee whose access hasn't been revoked could launch an attack.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.