Heads up, this week Microsoft disclosed that they are storing access tokens for Microsoft Teams in plain text. This impacts all versions of Microsoft Teams, regardless of the Operating System.

This would allow threat actors with local access to an affected system to steal the tokens and remotely sign in to the compromised account. The vulnerability affects the desktop versions of Microsoft Teams on Windows, Mac, and Linux.

While a patch is unlikely to be released for this finding, there are several mitigations that can be put in place:

Ensure Global Admin accounts aren’t being used for everyday activities

Contact a managed service provider, like Tech in a Flash, to setup an application whitelisting product to block Teams from accessing other parts of your computer.

For high-risk clients, use the web version of Teams

This includes Government Agencies, Contractors, and CMMC clients

If you're unsure your account is a global administrator, contact us so we can assist you.