Government issues 'warning' for Microsoft Teams users: Update the app right now

Microsoft Teams users have been urged to update the app immediately. The government has issued a high-priority security warning, saying that hackers have been exploiting a vulnerability that may lead to potential data breaches. The Indian Computer Emergency Response Team (CERT-In) has classified the threat as “high severity,” affecting both individual users and large organisations that rely on the platform for daily communication and video meetings.According to the official CERT-In bulletin, the security flaw stems from "Improper Access Control" within the software, allowing an attacker to bypass standard security measures and disclose sensitive information over a network. The original issue date came on February 25.“A vulnerability has been reported in Microsoft Teams, which could be exploited by an attacker to disclose sensitive information. Organizations and enterprises using Microsoft Teams for internal communication and collaboration. High risk of unauthorized access to meetings, chats, and shared files if misconfigured or improperly secured,” Cert-In said in its warning.If the flaw is exploited, hackers may gain access to private meetings allowing them to eavesdrop on active video calls; access to chat histories and they may reading confidential internal messages; and download sensitive documents stored within the Teams environment. The vulnerability impacts all versions and platforms that support Microsoft Teams, including Windows and macOS desktop applications, Android and iOS mobile apps and web-based versions of the platform. It is possible that since Microsoft Teams is integrated with other Microsoft services like Office 365 and the Windows operating system, hackers may potentially expose broader system data.“Microsoft Teams is a cloud-based collaboration platform integrated with Microsoft 365 that enables messaging, meetings, calling, and file sharing. This vulnerability exists in Microsoft Teams due to Improper Access Control. Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information over a network,” the warning added.Microsoft has already released an update and Teams users are required to update the app immediately by checking for the latest security patches within the app settings and installing them right away. Users are also advised to be cautious of clicking on unexpected links or downloading files from unknown participants in a meeting. Updating to the latest version remains the single most effective way to prevent an attack.