Forum Discussion

Andrew Matthews's avatar
Andrew Matthews
Iron Contributor
Jun 27, 2019
Solved

Teams Updater Vulnerability

There are reports circulating that the Teams auto-update process suffers from the same unsigned code execution as other application built with Electron. Running the Update.exe processStart wit...
teams
update
  • John Rea's avatar
    John Rea
    Nov 14, 2019

    This particular squirrel vulnerability was fixed in Teams version 1.2.00.21068.

    Thanks!
    John

Kahizen's avatar
Kahizen
Copper Contributor
Oct 22, 2019
Nothing over here: https://cve.mitre.org/
Javier_M's avatar
Javier_M
Copper Contributor
Nov 04, 2019

Hi all,

Please, anyone knows if the vulnerabilty is still present in Teams v1.2.00.27559 (October 24, 2019)?

Thank you!

  • John Rea's avatar
    John Rea
    Icon for Microsoft rankMicrosoft
    Nov 14, 2019

    This particular squirrel vulnerability was fixed in Teams version 1.2.00.21068.

    Thanks!
    John

    • Donovon Dildine's avatar
      Donovon Dildine
      Brass Contributor
      Feb 20, 2020

      John Rea  Is there any official resource I can confirm this? My management is asking. Thank you!!

  • Kahizen's avatar
    Kahizen
    Copper Contributor
    Nov 04, 2019
    Vulnerability MS Teams https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5922
    Recommendation hardening your deployment of Windows 10: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework
    • reegun's avatar
      reegun
      Copper Contributor
      Nov 12, 2019

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5922 is not related to this.

       

      New update was pushed for this vulnerability on 1st week of Nov and fixed now, No CVE for this.

       

      - Reegun J

      • Kahizen's avatar
        Kahizen
        Copper Contributor
        Nov 12, 2019
        Thanks for the clarification