A flaw in Microsoft Teams allows users to join unprotected external tenants when accepting guest invitations, bypassing Defender for Office 365 protections. This gap exposes users to potential phishing and malware risks, as attackers can exploit cross-tenant security weaknesses. Organizations are urged to tighten their guest access policies to mitigate these risks.

Check Point Research identified critical vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, spoof notifications, and impersonate users. Four specific types of attacks were detailed, highlighting the potential for business email compromise and identity fraud. Microsoft has issued fixes for these issues, but concerns remain about security.