Exploit in Microsoft Teams Allows for Malware to be Uploaded and Downloaded

Microsoft Teams is known for being a reliable chatting software that many businesses use for communicating and sharing documents within your company. We utilize Teams every day at Hammett Technologies and could not be happier with its overall ease of use, innovation, and productivity. However, recently, security researchers have discovered an exploit within the business chatting software from Microsoft. This exploit could potentially allow for malicious files to be downloaded and executed.

How Can It Happen?

Microsoft Teams utilizes the Squirrel project, which deals with installation and updating. Through the use of the “update” command, hackers can potentially upload and execute malicious files into Microsoft Teams. Along with this are other exploits, allowing for remote download and execution of malicious files.

What Can I Do?

When it comes to computer viruses, the rule of thumb is always to make sure you and your team have strong passwords in place. This can deter unwanted guest from gaining access to your accounts and causing damage to your company. This rule applies here, as well. The only way malicious files can be uploaded Teams is through access, therefore, ensure that all members have strong passwords, ensure that permissions are set in place to ensure that those less trusted, or those with temporary access, are unable to upload or download documents.

If you are unsure about the security of your Microsoft Teams environment, call Hammett Technologies! Our free assessment scans for issues like these and will bring security risks to your attention immediately.