Get a Pentest and security assessment of your IT network.

Cyber Security

Microsoft Teams Patch Bypass Allows RCE

Researchers have discovered a workaround for a previous patch issued for Microsoft Teams that would allow a malicious actor to use the service s updater function to download any binary or malicious payload. Microsoft tried to cut off this vector as a conduit for remote code execution by restricting the ability to update Teams via a URL. Microsoft won t be fixing the problem because we determined that this behavior is considered to be by design as we cannot restrict SMB source for update because we have customers that apparently rely on this

Source: https://threatpost.com/microsoft-teams-patch-bypass-rce/158043/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation