Microsoft Teams may have downplayed a disastrous security issue - Data Protection - World Safety

Microsoft Teams may have downplayed a disastrous security issue

Data Protection

Microsoft Teams may have downplayed a disastrous security issue

Posted by Nigel Brown on 9 December 2020 at 1:41 pm

Microsoft has been accused of downplaying the severity of a security issue found in its collaboration platform Teams, which was remedied quietly back in October.

According to a report from security engineer Oskars Vegeris, the company failed to warn users of the problem and neither did it seek Common Vulnerabilities and Exposures (CVE) classification, on the grounds that Teams patches are installed automatically.

Roughly one month after disclosure, the cross-site scripting (XSS) vulnerability was classified by Microsoft as “Important, Spoofing”, which Vegeris describes as “one of the lowest in-scope ratings possible”.

However, the scope of potential attacks and the opportunity to access various different areas of the infected network means it demands a much higher threat rating, claims Vegeris.

Microsoft caught lying about security breaches again! Surely not.

Nigel Brown replied 3 years, 9 months ago 1 Member · 0 Replies
0 Replies

Sorry, there were no replies found.

Log In to Reply

Log in to reply.

Please Enable JavaScript in your Browser to Visit this Site.

#t42-content-protector-js-disabled { position: fixed; top: 0; left: 0; height: 100%; width: 100%; z-index: 999999; text-align: center; background-color: #FFFFFF; color: #000000; font-size: 40px; display: flex; align-items: center; justify-content: center; }