top of page

IDOR Vulnerability In Microsoft Teams

Affects:

1200px-Microsoft_365_logo.png

Severity:

HIGH

Productivity Impact:

MEDIUM

Fix Estimate:

1-2 minutes

Automatically protected by:

PREMIUM-logo-label-m.png

Sign up for our BETA

Research:

https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/

Summary:

Allows for the possible introduction of malware into any organisations using Microsoft Teams in its default configuration

Remediation details

Disable external access in Teams


  1. Navigate to https://admin.teams.microsoft.com/dashboard

  2. Click on Users > External Access and change settings accordingly


Note. This will affect any existing external access granted so be sure to review the changes with your users to negate business impact




bottom of page