You might get an urgent message on Teams from someone claiming to be your Head of HR asking you to review a payroll document. If you click their login link, a hacker instantly gets full access to your company network. This is the reality of the recent Microsoft Teams security flaw that is currently putting millions of accounts at risk.
Hackers know that Teams is the digital front door to your company data. Microsoft released details about a severe remote code execution bug known as CVE-2025-53783 late last year. Attackers can use this vulnerability to run malicious code on your computer just by sending you a specially crafted chat message. To make things worse, Teams leaves external chat access open by default, allowing anyone with a random email address to impersonate your coworkers.
Here is exactly how to lock down your account and stay safe right now.
Fix 1 Force a Manual Teams Update
Do not assume your Teams app updates itself automatically in the background. Microsoft released a patch for the remote code execution vulnerability, but you have to make sure it is actually installed.
- Click the three dots next to your profile picture in the top right corner of the Teams app.
- Go to Settings and click About Teams.
- Look for the Check for updates button and click it.
- Let the app download the latest secure version and restart.
Fix 2 Shut Down External Chat Access
If you manage the IT settings for your company, you need to change this default setting today. Leaving this open is exactly how scammers send phishing links to your employees.
- Log in to the Microsoft Teams Admin Center.
- Navigate to the left sidebar, click Users, and select External access.
- Find the toggle that says Users can communicate with other Skype for Business and Teams users.
- Turn this off immediately. Keep it off unless your company absolutely requires chatting with outside vendors on a daily basis.
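For admins who would rather script Fix 2, here is an added example (not from the original article or from Microsoft) that reports and, with -Apply, turns off tenant-wide external access through the MicrosoftTeams PowerShell module. It assumes the toggle above corresponds to the AllowFederatedUsers setting and also closes the two Teams consumer settings; the -Apply switch and the helper function name are made up for this example.

```powershell
# Added example: audit and, with -Apply, close tenant-wide external access in Teams.
# Requires the MicrosoftTeams PowerShell module and a Teams administrator account.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

Import-Module MicrosoftTeams -ErrorAction Stop
Connect-MicrosoftTeams | Out-Null

# Tenant-wide federation settings (assumed to back the External access page).
$settings = 'AllowFederatedUsers', 'AllowTeamsConsumer', 'AllowTeamsConsumerInbound'

# Hypothetical helper: returns the names of the settings that are still enabled.
function Get-OpenExternalSettings {
    $cfg = Get-CsTenantFederationConfiguration
    foreach ($name in $settings) {
        if ($cfg.$name) { $name }
    }
}

$open = @(Get-OpenExternalSettings)
if ($open.Count -eq 0) {
    Write-Output 'External access is already off for this tenant.'
    return
}

Write-Output "Open external channels: $($open -join ', ')"

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to turn these off.'
    return
}

Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $false `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false

# Read the configuration back; the change can take time to reach clients.
$stillOpen = @(Get-OpenExternalSettings)
if ($stillOpen.Count -gt 0) {
    Write-Error "Still enabled: $($stillOpen -join ', ')"
} else {
    Write-Output 'External access is now off at the tenant level.'
}
```

Run it once without -Apply to see what is open before changing anything.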
Fix 3 Look for the External Tag
Before you click any link or download any file in Teams, look right next to the person's name at the top of the chat. If there is a small grey box that says External, they are not inside your company network. You should treat every link they send as highly suspicious.
Fix 4 The Phone Call Verification
This is the only method that actually works against human impersonation. If your boss or CEO messages you on Teams asking for a wire transfer, gift cards, or an urgent password reset, stop whatever you are doing.
Pick up your phone and call them. Text them on WhatsApp. Ask them out loud if they just sent that message. It might feel a little awkward the first time, but this simple habit stops almost all major phishing scams.
The Bottom Line
Many tech websites will tell you to just change your Microsoft password to stay safe. Changing your password is a good habit, but it does absolutely nothing to stop a hacker from messaging you through an open external chat flaw. Do not bother installing random third-party Teams security extensions either, as many of them are malware in disguise. Stick to the official Microsoft updates, turn off external access, and always trust your gut if a message feels wrong.









