Teams application

Tech Optimizer
November 2, 2025
Cybercriminals are deploying deceptive ads for Microsoft Teams that lead users to malicious software downloads, including ransomware like Rhysida’s OysterLoader. These ads appear prominently in search results and redirect users to counterfeit websites. The malware, often disguised as the legitimate Teams application and signed with counterfeit certificates, can evade antivirus detection and compromise systems. Microsoft has revoked over 200 compromised certificates to disrupt these campaigns and issued warnings about downloading software from unverified sources. These attacks increasingly target collaboration tools, particularly amid the remote work trend, with hackers exploiting platforms like Teams for espionage and credential theft. Experts recommend navigating directly to official websites and implementing strong endpoint protection to combat these threats.
Winsage
August 12, 2025
Microsoft has introduced mini-apps called Microsoft 365 companions for Windows 11 users, which include functionalities for People, File Search, and Calendar. Access to these companions is limited to organizations that opt into the beta features. The mini-apps reside in the taskbar, allowing users to access essential functions without launching full applications. The People companion enables quick access to contacts, the File Search companion allows seamless searching through cloud files, and the Calendar companion lets users join Teams calls directly from the taskbar. The status of these mini-apps within the Windows 11 ecosystem is uncertain, and while mobile versions may be forthcoming, there is no official confirmation from Microsoft yet.
Winsage
March 29, 2025
Elite red team hackers have revealed a significant vulnerability in the Windows ecosystem, specifically a method to bypass Windows Defender Application Control (WDAC), which is designed to restrict application execution to trusted software. Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was successfully targeted to bypass WDAC, allowing the execution of a Command and Control payload. The techniques used included utilizing "Living Off The Land Binaries" (LOLBINs), side-loading a trusted application with an untrusted dynamic-link library, exploiting a custom exclusion rule from a client WDAC policy, and discovering a new execution chain within a trusted application. Microsoft acknowledged awareness of the WDAC bypass report and stated they would take action as needed to protect customers.
Winsage
March 18, 2025
Microsoft's Windows Defender Application Control (WDAC) has become a target for cybersecurity researchers, with bug bounty payouts for successful bypasses. IBM's X-Force team reported various outcomes from WDAC bypass submissions, including successful bypasses that lead to potential bounties, those added to the WDAC recommended block list, and submissions without recognition. Notable contributors like Jimmy Bayne and Casey Smith have made significant discoveries, while the LOLBAS Project has documented additional bypasses, including the Microsoft Teams application. The X-Force team successfully bypassed WDAC during Red Team Operations using techniques such as utilizing known LOLBINs, DLL side-loading, exploiting custom exclusion rules, and identifying new execution chains in trusted applications. Electron applications, which can execute JavaScript and interact with the operating system, present unique vulnerabilities, as demonstrated by a supply-chain attack on the MiMi chat application. In preparation for a Red Team operation, Bobby Cooke's team explored the legacy Microsoft Teams application, discovering vulnerabilities in signed Node modules that allowed them to execute shellcode without triggering WDAC restrictions. They developed a JavaScript-based C2 framework called Loki C2, designed to operate within WDAC policies and facilitate reconnaissance and payload deployment. A demonstration of Loki C2 showcased its ability to bypass strict WDAC policies by modifying resources of the legitimate Teams application, allowing undetected code execution. The ongoing development of techniques and tools by the X-Force team reflects the evolving cybersecurity landscape and the continuous adaptation required to counter emerging threats.
Winsage
September 26, 2024
Microsoft has notified Windows users that the new Teams client will require upgrades to newer operating systems to maintain support. Users on older versions of Windows 10 (prior to version 21H2) and macOS (11 or earlier) will see warning banners within the next two weeks, with Teams ceasing to function on these systems starting January 15, 2025. This move encourages users to upgrade, particularly targeting enterprise users, as support for Windows 10 version 21H2 ended three months ago. Microsoft is promoting Windows 11 for its security features and integration benefits, emphasizing the urgency for the approximately 70% of Windows users still on Windows 10 to transition before the end-of-life deadline approaches.