Security News > 2020 > August > Microsoft Teams Patch Bypass Allows RCE
Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a malicious actor to use the service's updater function to download any binary or malicious payload. Essentially, bad actors could hide in Microsoft Teams updater traffic, which has lately been voluminous.
While Microsoft tried to cut off this vector as a conduit for remote code execution by restricting the ability to update Teams via a URL, it was not a complete fix, the researcher explained.
"The updater allows local connections via a share or local folder for product updates," Jayapaul said.
Trustwave has published a proof-of-concept attack that uses Microsoft Teams Updater to download a payload - using known, common software called Samba to carry out remote downloading.
"After a successful setup, I initiated the command execution, downloaded remote payload and executed directly from Microsoft Teams Updater, 'Update.exe,'" the researcher explained.
News URL
https://threatpost.com/microsoft-teams-patch-bypass-rce/158043/
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft is killing Skype today, pushes users to Teams (source)
- New Microsoft 365 outage impacts Teams and other services (source)
- Microsoft Teams will soon block screen capture during meetings (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)