PT: Windows users are at risk due to system vulnerabilities

Information security company Positive Technologies has published on its blog the results of a study of the company’s Microsoft Teams platform. They discovered four vulnerabilities that threaten users of different operating systems.

The most dangerous vulnerabilities discovered allow the attacker to send malicious links that can hide under the guise of “administrator”.
For example, a legitimate site will be displayed in the preview window, and when clicked, a different link will open than the one the user expected. Microsoft Teams users on Windows, Mac, iOS, Android, and Linux can fall victim to phishing.

Two more vulnerabilities expose information about participants in conference calls, give IP addresses, as well as data from Microsoft servers.
The fourth vulnerability will prevent the attacker from accessing the user’s data, but he will be able to “break” his application by sending an invalid link. For example, if the user clicks on a link that contains an extra character, their application will crash.

Positive Technologies reported all shortcomings in Microsoft Teams in March 2021, but the Windows manufacturer responded that the vulnerabilities found “do not pose a threat.”
Microsoft believes that when a user navigates to a malicious site, they will notice the difference and leave them alone.