The update mechanism as it is currently implemented in Microsoft Teams desktop app allows downloading and executing arbitrary files on the system. Multiple security researchers discovered that using the ‘update’ command for a vulnerable application it is possible to execute an arbitrary binary in the context of the current user. The same issue affects GitHub, WhatApp, and UiPath software for desktop computers but it can be used only to download a payload. With Microsoft Teams, a payload is added to its folder and executed automatically using either of the following commands: update.
Source: https://www.bleepingcomputer.com/news/security/microsoft-teams-can-be-used-to-download-and-run-malicious-packages/