Microsoft Teams, a platform designed for teamwork management in enterprise environments, contains a vulnerability that, if exploited, would allow any user to inject malicious code into the platform and escalate their privileges, according to specialists in IT system audits.
According to reports, the Microsoft Teams vulnerability can be exploited by running an update command on the desktop version of the application. The issue also affects the desktop versions of WhatsApp and GitHub; however, it should be noted that in those applications the vulnerability can only be used to download a payload.
All applications affected by this flaw use an open source project called Squirrel to manage installation and update routines, while the NuGet package manager handles the files, experts in IT system audits report.
The company has not yet corrected the reported vulnerability. Reegun Richard, the expert who reported the flaw to Microsoft, proposed suspending the Teams platform until the company resolved the incident; however, upon discovering that other specialists were working on this flaw, he began publishing his findings in order to help correct it.
The expert discovered that he could execute malicious code from Microsoft’s legitimate binary without increasing its privileges; if the application has control of system files, the privileges could easily be escalated.
As for exploiting the flaw, any hacker can trick the Microsoft Teams update feature into downloading the malicious code using the company's binary. The attacker must extract any nupkg package, into which they can insert the shell code identified as “squirrek.exe”. Once the hacker has created the appropriate package, they can go to the application folder and run the update.exe command; the application will then update and download the attacker’s shell code.
According to experts in IT system audits from the International Institute of Cyber Security (IICS), Richard’s decision to disclose this vulnerability is related to Microsoft’s delay in releasing an update, which leaves users exposed.
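Until a fix ships, defenders can watch for the behaviour described above, where the update binary fetches content from a source the vendor does not control. The following Python check is an added example, not code from the report or from the Squirrel project; the record fields, application paths, user names and host names are constructed placeholders.

```python
import ntpath

# Assumption: hosts your Squirrel-based apps legitimately update from.
# Placeholder value; replace with the endpoints seen in your own baseline.
ALLOWED_UPDATE_HOSTS = {"updates.vendor.example"}
UPDATER_NAME = "update.exe"

# Constructed network-connection records (process image, destination, user).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\AppData\Local\ExampleApp\Update.exe",
     "dest_host": "updates.vendor.example", "user": "alice"},
    {"image": r"C:\Users\bob\AppData\Local\ExampleApp\Update.exe",
     "dest_host": "files.untrusted.example", "user": "bob"},
    {"image": r"C:\Users\bob\AppData\Local\ExampleApp\ExampleApp.exe",
     "dest_host": "files.untrusted.example", "user": "bob"},
    {"image": r"C:\Users\carol\AppData\Local\ExampleApp\UPDATE.EXE",
     "dest_host": "Updates.Vendor.Example.", "user": "carol"},
    # Lookalike host: a substring match on the allowlist would miss this.
    {"image": r"C:\Users\dave\AppData\Local\ExampleApp\Update.exe",
     "dest_host": "updates.vendor.example.untrusted.example", "user": "dave"},
]


def normalize_host(host):
    """Lower-case and drop a trailing dot so allowlist comparison is exact."""
    return host.strip().lower().rstrip(".")


def is_updater(image):
    """True when the process image is named Update.exe (case-insensitive)."""
    return ntpath.basename(image).lower() == UPDATER_NAME


def suspicious_update_connections(events, allowed=ALLOWED_UPDATE_HOSTS):
    """Return events where an updater binary contacted a non-allowlisted host."""
    allowed_hosts = {normalize_host(h) for h in allowed}
    return [ev for ev in events
            if is_updater(ev["image"])
            and normalize_host(ev["dest_host"]) not in allowed_hosts]


if __name__ == "__main__":
    for ev in suspicious_update_connections(SAMPLE_EVENTS):
        print(f"ALERT updater contacted {ev['dest_host']} "
              f"as {ev['user']}: {ev['image']}")
```

Hosts are compared exactly after normalization, so a lookalike name that merely contains an allowed host is still flagged.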