When is a remote-code-execution bug in Teams not an RCE? When Microsoft says it isn't, flaw finder discovers

'Zero-click, wormable, cross-platform' vuln deemed 'important, spoofing' rather than, say, 'aaargh!'

Updated At some point since August, Microsoft quietly fixed a cross-site scripting (XSS) bug in its Teams web app that opened the door to a serious remote-code-execution (RCE) vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app....