Microsoft Teams bug allowing phishing unpatched since March

Microsoft said it won’t fix or is delaying patches for several security flaws impacting Microsoft Teams’ link preview feature reported since March 2021.

German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message of Death (Android).

Bräunlein reported the four flaws to the Microsoft Security Response Center (MSRC), which investigates vulnerability reports concerning Microsoft products and services

Read more…
Source: Bleeping Computer