‘Zero-click, wormable, cross-platform’ vuln deemed ‘important, spoofing’ rather than, say, ‘aaargh!’
At some point since August, Microsoft quietly fixed a cross-site scripting (XSS) bug in its Teams web app that opened the door to a serious remote code execution (RCE) vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app.…
Source:: Register