Microsoft Teams guest access could let hackers bypass some critical security protections
Date:
Fri, 28 Nov 2025 14:23:00 +0000
Description:
Experts say to limit external Microsoft Teams guest invitations to trusted domains only.
FULL STORY
======================================================================
Microsoft Teams guest chat feature creates unprotected attack vector for malware and phishing
Guests rely on host's security, enabling malicious actors to bypass usual protections
Businesses advised to restrict external invites, disable chats, and train staff on phishing risks

A new feature recently added to Microsoft Teams has also introduced a fundamental architectural gap - a vulnerability that could be exploited to drop malware, share phishing links and more - all without triggering the usual security alarms, experts have warned.
Cybersecurity researchers at Ontinue found that the guest access feature in Microsoft Teams creates an unprotected attack vector.
The feature lets any Teams user start a new chat with anyone, just by their email address, meaning even if the recipient doesn't use Teams, they can get an invite via email and join the chat as a guest. By default, this feature is enabled for eligible licenses (SMB licenses such as Teams Essentials, Business Basic, Business Standard, etc.).

Bypassing security protocols

However, when someone joins another person's Teams environment as a guest, they are not bringing their own security protocols - they are protected with whatever security protocols their host has.
So, if the host is malicious and has no security protocols, they could share malicious files with the guests without triggering any alarms. And since the communication is happening outside the victim's own environment, they won't be notified of any risks that way, either.
In theory, a threat actor could impersonate someone, invite the victim for a Teams chat, and have them open a phishing link, or download malware. Since the invitation is sent by Microsoft's own infrastructure, and the actual chat happens in Teams, the victim might lower their guard.
At the moment, Microsoft is keeping quiet about it and has yet to respond to media inquiries.
In the meantime, businesses are advised to limit external Teams invitations to trusted domains only, and control cross-tenant access.
Furthermore, they could disable external chats and should educate their employees about phishing attacks and unsolicited messages - regardless of the platform they're coming from.
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-teams-guest-access-could-let-hackers-bypass-some-critical-security-protections
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)