{"id":22705,"date":"2021-12-23T11:12:03","date_gmt":"2021-12-23T10:12:03","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22705"},"modified":"2021-12-23T11:12:03","modified_gmt":"2021-12-23T10:12:03","slug":"microsoft-teams-bugs-notrufe-blockiert-phishing-lcke-seit-mrz-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/12\/23\/microsoft-teams-bugs-notrufe-blockiert-phishing-lcke-seit-mrz-2021\/","title":{"rendered":"Microsoft Teams Bugs: Blocks Emergency calls, unpatched phishing vulnerability since March 2021"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Tor\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" border=\"0\" alt=\"Teams\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Teams-e1623389219383.jpg\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/12\/23\/microsoft-teams-bugs-notrufe-blockiert-phishing-lcke-seit-mrz-2021\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Another collective article on Microsoft Teams, which is widely used, but has a somewhat idiosyncratic implementation and above all is teeming with bugs and attracts negative attention in this regard every now and then. Today on offer: Since March 2021, Microsoft has been aware of four vulnerabilities in Teams that allow phishing via the link preview. And on Android, it can happen that Microsoft Teams blocks emergency calls. 
Here's a quick overview.<\/p>\n<p><!--more--><\/p>\n<h2>Phishing vulnerabilities in Microsoft Teams<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/905701d7088a45c7821da9fec6d3c194\" width=\"1\" height=\"1\">Fabian Br\u00e4unlein, founder of German security firm Positive Security, encountered four vulnerabilities in Microsoft Teams back in the spring of 2021, which he reported to the Microsoft Security Response Center (MSRC) on March 10, 2021, according to <a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns\" target=\"_blank\" rel=\"noopener\">this blog post<\/a>.&nbsp; <\/p>\n<p><a href=\"https:\/\/twitter.com\/positive_sec\/status\/1473593727574843395\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"MS Teams Bugs\" alt=\"MS Teams Bugs\" src=\"https:\/\/i.imgur.com\/c6WXPVb.png\"><\/a><\/p>\n<p>The whole thing came to light after Br\u00e4unlein stumbled across a <a href=\"https:\/\/positive.security\/blog\/ms-officecmd-rce\" target=\"_blank\" rel=\"noopener\">code execution vulnerability in Windows 10 via IE11\/Edge Legacy and MS Teams<\/a>. Br\u00e4unlein started looking for a way to bypass Teams\/Electron's same-origin policy. The idea was to go from JavaScript to executing arbitrary code by sending commands to a locally launched Node.js debug web socket server.
By the end of the day, Fabian Br\u00e4unlein and his team had encountered the four vulnerabilities listed below.&nbsp; <\/p>\n<ul>\n<li><a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns#1-ssrf\" target=\"_blank\" rel=\"noopener\">1 &#8211; Server-Side Request Forgery<\/a>\n<li><a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns#2-spoofing\" target=\"_blank\" rel=\"noopener\">2 &#8211; URL preview spoofing<\/a>\n<li><a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns#3-ip-address-leak-android\" target=\"_blank\" rel=\"noopener\">3 &#8211; IP address leak<\/a>\n<li><a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns#4-denial-of-service-aka-message-of-death-android\" target=\"_blank\" rel=\"noopener\">4 &#8211; Message of Death (DoS)<\/a><\/li>\n<\/ul>\n<p>The bugs are explained in detail in the linked blog post by the security researcher. The URL preview spoofing bug (number 2 in the list above) can be used by attackers for phishing attacks or to cloak malicious links. However, Microsoft's MSRC team does not see any problem in this bug and replied:<\/p>\n<blockquote>\n<p>MSRC has investigated this issue and concluded that this is not an immediate threat that requires urgent attention because once the user clicks on the URL, they would have to go to that malicious URL, which would be an indication that it is not the one the user was expecting.<\/p>\n<\/blockquote>\n<p>On March 25, 2021, the ticket in question was closed; Microsoft said it will not fix this bug in the current version. It is now the end of 2021 and the bug is still unpatched.
Fabian Br\u00e4unlein, who is not really happy about the bug bounty for the Windows 10 vulnerability mentioned above (the screw-up by Microsoft is touched on <a href=\"https:\/\/www.google.com\/intl\/en_us\/chrome\/\" target=\"_blank\" rel=\"noopener\">here<\/a>), therefore published the <a href=\"https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns\" target=\"_blank\" rel=\"noopener\">blog post<\/a> on December 22, 2021 &#8211; I came across the issue via <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-teams-bug-allowing-phishing-unpatched-since-march\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>.<\/p>\n<h2>Teams blocked emergency calls in Android<\/h2>\n<p>In mid-December 2021, it became known through various reports (I didn't have this on the blog, as I saw it as specific to emergency calls in the US) that users who had Microsoft Teams installed on Android may not be able to place emergency calls to 911. I'll link to <a href=\"https:\/\/uk.pcmag.com\/android\/137584\/google-says-microsoft-teams-can-prevent-android-phones-from-calling-911\" target=\"_blank\" rel=\"noopener\">this post<\/a> from PC Magazine (English). There the boundary conditions and implications are explained. Microsoft has since released version 1416\/1.0.0.2021194504 of the Teams Android app, which does not require uninstalling and then reinstalling the app to fix the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another collective article on Microsoft Teams, which is widely used, but has a somewhat idiosyncratic implementation and above all is teeming with bugs and attracts negative attention in this regard every now and then. 
Today on offer: Since March 2021, &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/12\/23\/microsoft-teams-bugs-notrufe-blockiert-phishing-lcke-seit-mrz-2021\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,580,1547],"tags":[69,1413],"class_list":["post-22705","post","type-post","status-publish","format-standard","hentry","category-issue","category-security","category-software","tag-security","tag-teams"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22705"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22705\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}