Security News > 2020 > August > Microsoft Teams Patch Bypass Allows RCE
Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a malicious actor to use the service's updater function to download any binary or malicious payload. Essentially, bad actors could hide in Microsoft Teams updater traffic, which has lately been voluminous.
While Microsoft tried to cut off this vector as a conduit for remote code execution by restricting the ability to update Teams via a URL, it was not a complete fix, the researcher explained.
"The updater allows local connections via a share or local folder for product updates," Jayapaul said.
Trustwave has published a proof-of-concept attack that uses Microsoft Teams Updater to download a payload - using known, common software called Samba to carry out remote downloading.
"After a successful setup, I initiated the command execution, downloaded remote payload and executed directly from Microsoft Teams Updater, 'Update.exe,'" the researcher explained.
News URL
https://threatpost.com/microsoft-teams-patch-bypass-rce/158043/
Related news
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)