Back to Announcements

Information – Potential exposure of data while app sharing with Microsoft Teams in VDI when using SlimCore-based optimization

Announcements Sourav Nandi

20/02/2025 16:40:00 PM

NHSmail Reference: INC46457043

Microsoft Reference: MC999168

Potential exposure of data while app sharing with Microsoft Teams in VDI when using SlimCore-based optimization

https://admin.microsoft.com/#/MessageCenter/:/messages/MC999168

Potential exposure of data while app sharing with Microsoft Teams in VDI when using SlimCore-based optimization

Microsoft have identified an issue affecting the Microsoft Teams service, which may lead to an inadvertent exposure of data when a user within your organization is sharing using the application sharing feature of Microsoft Teams in VDI with the new Slimcore-based optimization.

Upon further investigation, they’ve detected a problem of a possible data exfiltration when user is application sharing, and drags another window on top of shared window, resulting in a corner of the top window possibly being shared briefly (in order of a few frames).

This may impact any user within your organization using SlimCore-based optimization on the following Teams versions:

Teams Client is 24335.208.3315.1951 (December-A), with SlimCore older than 2024.47.1.26

Teams Client is 25007.607.3371.8436 (January-A), with SlimCore older than 2024.50.1.26

Teams Client is 25017.203.3370.1174 (January-C), with SlimCore older than 2024.50.1.26

If a user within your organization is presenting using the now legacy WebRTC based optimization, they should not encounter this issue.

To resolve the issue, we’re deploying a configuration update which will result in automated updates to the SlimCore components to non-vulnerable versions for recent Teams desktop client (versions 24335.208.3315.1951, 25007.607.3371.8436, 25017.203.3370.1174).

How this will affect your organization

If users are on affected Teams clients using SlimCore optimization for VDI, users can be notified to avoid overlapping the shared application window with other content to remove risk of unintended exposure of data from overlapping window.

What actions do I need to take?

As a part of Microsoft’s commitment to privacy and transparency, we want to make you aware of the issue and provide you with the actions required to prevent this issue from affecting your organization.

To ensure you do not encounter this issue, you need to update the deployed version of Teams to a min version of 24335.208.3315.1951.

If no action is taken, then application sharing feature will be disabled for users of SlimCore optimization for VDI in March 2025 when running an older vulnerable version of Teams Client, versions prior to 24335.208.3315.1951.

back to top