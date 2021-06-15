The vulnerability actually came through the PowerApps service Microsoft offers to businesses. This allows them to create business-specific use cases on Microsoft’s products, like Teams, Excel and more. Attackers could exploit the lack of URL verification in PowerApps to exploit a company’s users, which can be catastrophic for them. “The severity of this vulnerability is amplified by the permissions granted to Microsoft Power Apps within Microsoft Teams," the company said on its blog. “Successful exploitation of this flaw allows attackers to take control of any users that access the malicious tab. This includes reading the victim users’ group messages within Teams, accessing the users’ email and OneDrive storage, and more," it added.

