After looking at how Microsoft Teams handles image resources, security researchers found a way to take over accounts by sending recipients a regular GIF. The method could have been used for the desktop and web versions of Teams to get access to multiple accounts at once and steal conversations and threads.
Posts Tagged: MS
Microsoft says that Basic Authentication’s removal from Exchange Online is being postponed until the second half of 2021 due to the current situation created by the COVID-19 pandemic. “In response to the COVID-19 crisis and knowing that priorities have changed for many of our customers we have decided to postpone disabling Basic Authentication in Exchange Online…
Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to: Critical…
This month, Microsoft wasn’t able to prevent information about these updates from leaking as it usually can. Information about one particular flaw, CVE-2020-0601, the “Windows CryptoAPI Spoofing Vulnerability,” was leaked as early as Friday. CVE-2020-0601 has a significant impact on endpoint security. An attacker exploiting this vulnerability will be able to make malicious code look…
On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI…