Cisco Talos identified eight vulnerabilities across Microsoft's productivity suite that could allow attackers to exploit permissions for malicious purposes, including recording audio and video.
Microsoft claims that its applications can load unsigned libraries for third-party plug-ins without risk, yet recent updates to Teams and OneNote contradicts this, highlighting ongoing vulnerabilities.
The security flaws enable attackers who gain access to the library injection system to leverage the permissions granted to applications by the user, significantly increasing the risk of unauthorized actions.
Researchers express concern that attackers could exploit these vulnerabilities to send emails or exfiltrate data, demonstrating the potential severity of such security oversights.
Collection
[
|
...
]