GIFs, Cookies, And A Microsoft Teams Hack

unsplash-logoKevin Ku

Share a GIF, Share a Hack

Microsoft says they’ve fixed a vulnerability that allowed Microsoft Teams to be hacked via a .GIF file. CyberArk published their findings on April 27th regarding a subdomain takeover that can leave Microsoft Teams open to intrusion. The breach works on both the desktop and web versions of the programs.

Here’s how it works. First, you open Teams and it creates a temporary access token. Next, other tokens are created to support services in Teams. There are two cookies, however, used to restrict permissions. The restrictive token is then sent to Teams and its subdomains.

This is where, if the hacker can force the user to visit the subdomain, the hack happens. Cookies are sent to the attackers server. The attacker can then gain permissions with those authentication cookies.

This attack chain is complex, but can be done by sending a malicious link or a .GIF to that vulnerable subdomain. Clicking on it allows the hacker, now armed with authentication, to generate a token to access the user’s Teams sessions.

Hacking into a Teams session is incredibly valuable for a hacker looking for inside secrets, documents, company files, or a host of other information that can be leveraged for money.


To clarify, that was a very fancy way of saying a hacker can use the different ways a program accesses your machine to hack into it. Microsoft has patched that vulnerability. Even the most elaborate ways into a machine should be explored, exploited in a controlled environment, and fixed. This way the less technically inclined aren’t accidentally finding themselves compromising their company secrets.

Above all, this is another example of why you need to keep your systems updated as soon as the patch is released. There will always be vulnerabilities. As long as you’re updated and using common sense, you have a good chance of staying ahead of the bad guys.

Stay safe.

1,269 total views, 8 views today

(Visited 1 times, 2 visits today)

One thought on “GIFs, Cookies, And A Microsoft Teams Hack

  1. I was hacked last year. Here’s how: went online to find Quicken telephone number. Called it. Guy helping me suggested letting him on my computer. I did. He then found my credit card information which I didn’t find out until the next day when a 300 dollar bill appeared on my account. But here’s the real damage: Capitalone was aware of this outfit but still continued to let them operate. I disputed the charges but when they found out I had let them on my computer they said I had to pay. This is dubious reasoning.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.