“Squirrel”, in its turn uses package manager NuGet to download necessary files.
As security researchers have discovered, using the update command in vulnerable applications, you can download and execute code in the context of the current user. The same goes for ‘squirrel.exe‘.
In the case with Microsoft commands, the payload is added to the application folder and executed automatically using the Update.exe -update [url to payload] or squirrel.exe -update [url to payload] commands.
These commands can be used with other arguments, including “download”, allowing to get a remote payload in the form of a NuGet package. The method also works for ‘squirrel.exe’, which is a part of the Microsoft Teams installation package.Security researcher Reegun Richard notified Microsoft about the issue on June 4 this year. Currently, the desktop application for Microsoft Teams is still vulnerable, since patch will arrive only in future releases.
Prior to release of the patch, Richard promises not to disclose the details of the problem. However researcher from the RingZer0 Team under the nick Mr. Un1k0d3r also discovered the problem and published the details.
Source: https://medium.com
About Janorfeb.xyz Janorfeb.xyz pop-ups can not open out of nowhere. If you have clicked on…
About Re-captha-version-3-263.buzz Re-captha-version-3-263.buzz pop-ups can not launch out of the blue. If you have actually…
About Usavserver.com Usavserver.com pop-ups can not expose out of the blue. If you have clicked…
About Yourgiardiablog.com Yourgiardiablog.com pop-ups can not expose out of the blue. If you have actually…
About Bihanrit.xyz Bihanrit.xyz pop-ups can not launch out of nowhere. If you have actually clicked…
About Thenetaservices.com Thenetaservices.com pop-ups can not introduce out of the blue. If you have actually…