Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. The original method was first disclosed last year and relies on using the update command to run arbitrary binary code in the context of the current user. Microsoft s fix allows only local network paths to access and update the Teams package. A patch for the new method is unlikely to emerge, as Microsoft labeled this a design flaw, and a fix would impact some customers’ operations.
Source: https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/