Vulnerability in Microsoft Teams could compromise your infrastructure

Microsoft Teams, a platform designed for teamwork management in enterprise environments, contains a vulnerability that, if exploited, would allow any user to inject malicious code into the platform and increase their privileges, report specialists in IT system audits.

According to reports, the Microsoft Team vulnerability
can be exploited by running an update command on the desktop version of the
application. This issue also affects the desktop versions of WhatsApp
and Github, however, it should be noted that the vulnerability can only be used
to download a payload on the aforementioned sites.

All applications affected by this flaw employ
an open source project called Squirrel, used to manage the installation and
update of routines, while NuGet package manager controls the files, experts
report on IT system audits.

The company has not yet corrected the reported
vulnerability; on the other hand, Reegun Richard, expert in charge of reporting
the flaw to Microsoft, proposed suspending the Team platform until the company
resolved the incident; however, upon discovering that other specialists were
working on this flaw, he began publishing his findings in order to help correct
them.

The expert discovered that he could execute
malicious code from Microsoft’s legitimate binary without increasing its
privileges, and in case the application has control of the system files, the
privileges could be easily scaled.

As for exploiting the flaw, any hacker can
trick the Microsoft Teams update feature into downloading the malicious code
using the company binary. The attacker must extract any nupkg package in which
they can insert the shell code identified as “squirrek.exe”. When the
hacker creates the appropriate package, they can go to the application folder
and run the update.exe command; the application will be updated and downloaded
the attacker’s shell code.

Experts in IT system audits from the
International Institute of Cyber Security (IICS), Richard’s decision to
disclose this vulnerability is related to Microsoft’s delay in releasing an
update, so users remain Exposed.

(Visited 4 1 times)

Comments are closed.