A malicious actor can take advantage of the vulnerability and use Microsoft Teams to download and execute malicious packages without needing special privileges.

The Microsoft Teams platform has a vulnerability that allows a malicious actor to insert malicious code into the app and gives an operator the ability to execute arbitrary files on the system.

For those who don't know the tool, Microsoft Teams is a communication platform that unifies multiple functions (chat, video conferencing, data storage and the ability to use them collaboratively). It was designed for business or educational use, because it allows users to build communities or working groups that can be joined through a URL or by invitation.

The flaw that affects Teams lies in Squirrel, an open-source project used for the installation and update process of the desktop app, which in turn uses the open-source package manager NuGet to manage data.

In this way, several security researchers revealed that, by running an update command, an attacker can take advantage of the flaw to execute arbitrary code, BleepingComputer explained.

Other apps affected for the same reason are GitHub, WhatsApp and UiPath, although in those cases it can only be exploited to download a payload.

In the case of Microsoft Teams, a payload added to the folder is executed by using either of the commands Update.exe or squirrel.exe.
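A defender-side check for the behaviour described above, as an added example that is not part of the original article: it scans process-creation events for Update.exe or squirrel.exe launched with a remote source (HTTP(S) URL or UNC share) outside an allowlist. The event fields, the allowlisted host and the sample command lines are constructed assumptions; `--update` and `--processStart` are Squirrel command-line options.

```python
import ntpath
import re
from urllib.parse import urlsplit

SQUIRREL_BINARIES = {"update.exe", "squirrel.exe"}  # names given in the article
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
UNC_RE = re.compile(r"\\\\([^\\\s\"']+)\\")  # \\host\share -> host

def remote_sources(command_line):
    """Return the hosts a command line points at (HTTP(S) URLs and UNC shares)."""
    hosts = []
    for url in URL_RE.findall(command_line):
        # .hostname drops userinfo and port, so "https://good@other/" yields "other"
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    hosts += [h.lower() for h in UNC_RE.findall(command_line)]
    return hosts

def flag_squirrel_abuse(events, allowed_hosts):
    """Flag Squirrel updater runs whose source host is not an expected update server."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for ev in events:
        # ntpath handles Windows paths on any OS; compare case-insensitively
        if ntpath.basename(ev["image"]).lower() not in SQUIRREL_BINARIES:
            continue
        bad = [h for h in remote_sources(ev["command_line"]) if h not in allowed]
        if bad:
            findings.append({"pid": ev["pid"], "image": ev["image"], "hosts": bad})
    return findings

# Constructed sample events (not real telemetry); hosts are placeholders.
TEAMS = r"C:\Users\a\AppData\Local\Microsoft\Teams"
SAMPLE_EVENTS = [
    {"pid": 101, "image": TEAMS + r"\Update.exe",
     "command_line": '"' + TEAMS + r'\Update.exe" --processStart "Teams.exe"'},
    {"pid": 102, "image": TEAMS + r"\Update.exe",
     "command_line": "Update.exe --update=https://updates.example.com/teams"},
    {"pid": 103, "image": TEAMS + r"\UPDATE.EXE",
     "command_line": "UPDATE.EXE --update=https://updates.example.com@files.invalid.test/pkg"},
    {"pid": 104, "image": TEAMS + r"\current\squirrel.exe",
     "command_line": r"squirrel.exe --update=\\fileshare01\pkgs"},
    {"pid": 105, "image": r"C:\Windows\notepad.exe",
     "command_line": "notepad.exe https://files.invalid.test/readme"},
]

if __name__ == "__main__":
    for finding in flag_squirrel_abuse(SAMPLE_EVENTS, ["updates.example.com"]):
        print(finding)
```

The allowlist should hold only the update hosts your own deployment is expected to contact; a hit on any other host or file share is worth triage.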

 

 

 
