A vulnerability has been discovered across the GIFfy used in Microsoft Teams. This attack allows hackers to use Microsoft Teams to execute phishing-style attacks and allows commands to be executed secretly to steal information and/or data, thanks to a GIF in a conversation.
Until Microsoft releases a fix, I would advise you to completely disable the ability to use GIFs in Teams.
To do so, go to your Teams Admin Center portal. There are two places to go to modify it:
- Users > Guest access
In the messaging section, deactivate Giphy in conversations - In Messaging Policies, disablethe Giphy in conversations option.