IDOR Vulnerability In Microsoft Teams

Allows for the possible introduction of malware into any organisation using Microsoft Teams in its default configuration

Research:

https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/

Summary:

An IDOR vulnerability in Microsoft Teams allows for the possible introduction of malware into any organisation using Microsoft Teams in its default configuration.

Remediation details

Disable external access in Teams

  1. Navigate to https://admin.teams.microsoft.com/dashboard
  2. Click on Users > External Access and change settings accordingly

Note: This will affect any existing external access that has been granted, so be sure to review the changes with your users to negate business impact.
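A scripted equivalent of the admin-centre steps above, as an added example that is not part of the original advisory. It assumes the MicrosoftTeams PowerShell module and a Teams administrator account; the function name and backup path are hypothetical, and treating "external access" as the federated, Teams consumer and Skype switches together is an assumption.

```powershell
#Requires -Modules MicrosoftTeams
# Added example: record the current external access settings, then disable them tenant-wide.

function Disable-TeamsExternalAccess {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Hypothetical location for the pre-change snapshot.
        [string]$BackupPath = '.\teams-federation-before.json'
    )

    $before = Get-CsTenantFederationConfiguration

    # Always save the current state (even during -WhatIf) so the change
    # can be reviewed with users or reverted later.
    $before |
        Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowTeamsConsumerInbound,
                      AllowPublicUsers, AllowedDomains, BlockedDomains |
        ConvertTo-Json -Depth 5 |
        Set-Content -Path $BackupPath -Encoding UTF8 -WhatIf:$false

    # Nothing to do if every external access switch is already off.
    if (-not ($before.AllowFederatedUsers -or $before.AllowTeamsConsumer -or $before.AllowPublicUsers)) {
        Write-Output 'External access is already disabled.'
        return
    }

    if ($PSCmdlet.ShouldProcess('Tenant federation configuration', 'Disable external access')) {
        Set-CsTenantFederationConfiguration `
            -AllowFederatedUsers $false `
            -AllowTeamsConsumer $false `
            -AllowPublicUsers $false

        # Read the settings back to confirm the change was applied.
        Get-CsTenantFederationConfiguration |
            Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowPublicUsers
    }
}

Connect-MicrosoftTeams
Disable-TeamsExternalAccess -WhatIf   # dry run; remove -WhatIf to apply the change
```

The saved JSON snapshot lists which domains and account types were allowed before the change, which is the information needed for the user review described in the note above.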

Severity: HIGH

Productivity Impact: MEDIUM

Fix Estimate: 1-2 minutes