READ MORE
Explaining how the flaw works in a post online, Vegeris said: Attacker sends or edits an existing message, which looks completely normal to victim. Victim executes code upon looking at the message. That s it. There is no further interaction from the victim. Now your company s internal network, personal documents, Office 365 documents, mail, notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited. So let s expand on that. What if the recipients then automatically post it in their teams, channels? Everybody gets exploited. Did you know you can be a guest in other organisations?