Microsoft’s collaboration platform Teams has a vulnerability that allows any user to insert malicious code into the application; gifting control while escalating privileges.
Researchers have found that the Microsoft Teams vulnerability can be manipulated by executing an update command in the desktop version of the application.
This issue also affects the desktop versions of WhatsApp, UiPath and GIthub, however in their case the vulnerability can only be used to download a payload.
Copy your payload into %userprofile%AppDataLocalMicrosoftTeamscurrent
%userprofile%AppDataLocalMicrosoftTeamsUpdate.exe –processStartTo see the full content, share this page by clicking one of the buttons below