Microsoft Teams & GIFs

“Why do I always have to update my software? What is a patch update and why is it so important?

It is hard enough to emphasize to business leaders and their employees the importance of strong network security.

You also know that keeping track of what they are using in regard to software and hardware is difficult, and even more so with almost everyone working remotely as of today. Having software updates deployed automatically – and not deferred – is something that you’re likely already doing. However, if employees are responsible for performing those updates on their own, for example, if they’re using a personal device for work, are you confident they’re doing so?

As we know, new threats pop up every day, and there is no room for lax protection measures.

“I keep rescheduling the update, I don’t have time to wait while it installs and reboots.”

Take for example the recent discovery on the Microsoft Teams application. Here we have a widely used platform from a software giant, and it was discovered to be susceptible to hackers via GIFs. The GIF function contained an issue that would allow hackers to exploit its functionality and compromise a subdomain which would poison the GIF and allow access and management to a user’s account and data. This wasn’t complicated, in fact, all a user had to do was view the GIF and they could have been an unsuspecting victim.  No clicking, no responding, just viewing.

After being notified on March 23, 2020, Microsoft IT support quickly remedied the issue with a patch update. Had a user not known about this, a very likely scenario, they would not have known to be mindful and could possibly have been hacked.

“I don’t need the new version.”

This is a perfect example of showing how everyone is susceptible when it comes to possible hacking, including the giants of any industry. And more importantly, users need to understand that when a patch is issued, it doesn’t always just mean a feature enhancement, but can likely include fixes to address bugs and flaws.

With the ways that we engage changing daily, these types of communication platforms will likely become a regular target.  Now more than ever, we need to explain the importance of staying diligent and aware of potential threats.