Teams Vulnerability Could Allow Malicious Packages to Run
The update mechanism for the Microsoft Teams desktop app contains a vulnerability that could allow privilege escalation while permitting the average user to download and execute arbitrary files. Researcher Reegun Richard also discovered that malicious code could be executed using a Microsoft binary, and labeled this a living-off-the-land (LotL) attack. The vulnerability similarly affects GitHub, WhatsApp, and UiPath; in those apps, however, it allows only the downloading of files. Installation and updating procedures for these apps are managed by the open-source project Squirrel, which uses the NuGet package manager to administer files. A threat actor could potentially use Squirrel to insert a malicious package containing the shellcode ‘squirrel.exe’ into the NuGet package folder, which will be downloaded when the application updates. The NJCCIC recommends that users of the Microsoft Teams desktop, GitHub, WhatsApp, and UiPath apps apply security updates as they become available. Users can refer to the CBR article or the BleepingComputer article for more information.