Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
A bug in the latest version of Microsoft Teams allows for external sources to send files to an organization's employees even though the application typically blocks such activity, researchers have found. This give threat actors an alternative to complex and expensive phishing campaigns to deliver malware into target organizations — but Microsoft won't be addressing it as a priority.