With Microsoft Teams, a payload is added to its folder and executed automatically using either of the following commands: Update.exe -update Multiple security researchers discovered that using the 'update' command for a vulnerable application it is possible to execute an arbitrary binary in the context of the current user. These applications rely on the open source Squirrel project to manage installation and updating routines, which uses NuGet package manager to create the necessary files. The same issue affects GitHub, WhatApp, and UiPath software for desktop computers but it can be used only to download a payload. The update mechanism as it is currently implemented in Microsoft Teams desktop app allows downloading and executing arbitrary files on the system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |