Skip to main content

Microsoft Stopped Hackers Using GIFs To Access User Data

By May 4, 2020May 5th, 2022Cybersecurity

Microsoft Teams (which is the company’s Enterprise chat app) isn’t all business.

Like most other chat apps, it allows those who use it to send amusing animated Gif images.

Unfortunately, that proved to be problematic.

Recently, researchers from CyberArk discovered a serious security issue with Teams that allowed hackers to exploit the Gif function to compromise a user’s account and steal data. To exploit the flaw, hackers could simply compromise the subdomain serving up a poisoned Gif image. Then, simply by viewing the image, the hackers could gain access.

CyberArk notified Microsoft of the existence of the flaw on March 23rd, 2020, and the company moved quickly to patch the issue. So if you use Teams, know that there’s nothing you have to do beyond making sure your system is updated and you’re using the latest version of the app.

While it’s true that compromising a subdomain to serve up poisoned Gifs isn’t a trivial undertaking, it’s certainly not a daunting challenge for an experienced hacker. Although, the researchers at CyberArk pointed out that its main use would be to select high value targets, as opposed to being a mainstream, widely utilized tactic.

Even so, kudos to the sharp-eyed researchers at CyberArk for catching the issue, and to Microsoft for moving so quickly to correct it. The insidious part about issues like these is that they’re virtually impossible to track or trace. There’s no footprint that gets left behind and users would likely never even know they had been targeted.

Unfortunately, given the dramatic rise in popularity of workplace collaboration tools like Microsoft Teams, they have become increasingly tempting targets. Hackers around the world are constantly probing their capabilities, looking for new ways to exploit them and gain advantage. Stay vigilant, it’s dangerous out there.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.