4 Microsoft Teams Bugs Put Android Phones in Danger: Is There a Fix?

DuckDuckGo Announces That All Microsoft Third-Party Tracking Scripts Will Now be Blocked
DuckDuckGo announced it will block third-party Microsot trackers in its privacy-focused browser and search engine. Jeenah Moon/Getty Images

Four vulnerabilities have been discovered on the Microsoft Teams platform. Cyber attackers exploited these Microsoft Teams bugs to leak victims' IP addresses and manipulate their internal services. Out of these four bugs, Microsoft patched up one, saying the others were "low severity."

Microsoft Teams is a popular communication platform that specializes in organizing business teams. As such, many rely on its services and security features. Unfortunately, some users might have been exposed to a cyberattack that started in March.

Microsoft Teams Vulnerability Found on Android Smartphones

According to TechRadar, two of the discovered bugs utilize server-side request forgery (SSRF) and spoofing, while the other two bugs are limited to Android devices. However, be warned that all of them could be exploited to leak the victims' IP address and launch Denial of Service (DOS) attacks.

Once infected, a device will also leak information about Microsoft's local network. Its spoofing bug could be used to hide phishing attacks and other malicious links. Because of the DOS bug, a victim's device will constantly crash the Teams app on an Android device, preventing a user from opening a chat or channel.

Researchers said they first disclosed their findings to Microsoft on March 10 through its bug bounty program. However, the software giant only patched up the IP address leak vulnerability in Android.

Microsoft Teams Bugs: Fixing up Vulnerabilities

Microsoft gave researchers a "go-ahead" to reveal its findings to the public. However, the company did not return the request for comment about the findings.

Some timelast March 25, researchers noticed that the DoS and SSRF bugs still remained in the system. When asked about the issue, Microsoft responded that the bug "does not require immediate security service" because it is of "low severity for temporary DoS that requires restart of application," per Threat Post.

Microsoft emphasized that the remaining bugs "do not pose an immediate threat that requires urgent attention due to the general data sensitivity of the IP address data." The issue persisted for a few months.

Fortunately, by the time researchers retested the Microsoft Teams system on December 15, it appears that all issues have been patched by Microsoft.

How to Avoid Scams and Malware

The Microsoft Teams bugs are just one of the many cyber attacks happening on the internet. According to earlier reports, a lot of cybercriminals are taking advantage of the holiday season to trick people into malicious scams. There are three3 Christmas Scams that users should look out for:

  • Fake account expiration notice: this is a scare tactic that fools victims to send money to a scammer.
  • Fake bank and credit card account issues: scammers use this strategy to impersonate representatives from banks or credit businesses to fool a victim to apply for fake accounts. This is also a strategy used to steal personal information.
  • Fraudulent websites that steal money: similar to the banking scam, malicious actors try to imitate fake websites like shopping retailers. Consumers are recommended to watch out for the URL links to validate the website.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics