During the COVID-19 pandemic, digital communication platforms have experienced widespread substantial growth. Zoom has been the big winner, but Microsoft services like Microsoft Teams, Office 365, and Skype have also enjoyed a significant uptick. However, platforms are under strain and problems have been observed.

Again, Zoom is king of the issues and has faced numerous problems. However, Microsoft Teams has not been immune, including several major outages. Microsoft has confirmed it has patched a bug that was found in Teams last month.

Back last month, security teams working for CyberArk described a Teams bug that put user accounts at risk and subsequently parent PCs.

Specifically, the bad actor would send a GIF to unsuspecting users. When it was received  by the victim, the attacks would work in the background to steal security tokens and take data.

Cookie Attack

Using an “src” attribute, the GIF needed to be opened in a browser by the Microsoft Teams users. If the victim fell for the phish, the GIF would sent the “authtoken” cookie. This is used to help authenticate web images for Microsoft’s Teams and Skype services.

With this cookie, attackers could enter user data and steal it.

“The Teams client uses one of these created tokens to allow a user to see images shared with them or by them, as those images are stored on Microsoft’s servers, which applies authorization control. This token, called “skype token,” can also be seen as a cookie named “skypetoken_asm.” While this token has more usages more than just giving access to images, that’s what we’ll focus on here.”

Microsoft was informed about the bug on March 23. Now the company says it has rolled out a fix. Microsoft Research Center Worked with CyberArk on the fix and both say there is no evidence the vulnerability was exploited.