Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

%3CLINGO-SUB%20id%3D%22lingo-sub-1993607%22%20slang%3D%22en-US%22%3EZero-Click%20Wormable%20RCE%20Vulnerability%20Reported%20in%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1993607%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20saw%20the%20following%20article%20%22%3CA%20href%3D%22https%3A%2F%2Fthehackernews.com%2F2020%2F12%2Fzero-click-wormable-rce-vulnerability.html%3Futm_source%3Dfeedburner%26amp%3Butm_medium%3Dfeed%26amp%3Butm_campaign%3DFeed%253A%2BTheHackersNews%2B%2528The%2BHackers%2BNews%2B-%2BCyber%2BSecurity%2BBlog%2529%26amp%3B_m%3D3n.009a.2371.oq0ao0f49j.1htg%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EZero-Click%20Wormable%20RCE%20Vulnerability%20Reported%20in%20Microsoft%20Teams%3C%2FA%3E%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20an%20easy%20way%20to%20report%20on%20what%20client%20versions%20our%20users%20are%20connecting%20with%3F%26nbsp%3B%20The%20device%20usage%20report%20only%20shows%20client%20platform%20and%20not%20the%20specifics%20of%20versions%20which%20users%20are%20running.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1993607%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActivity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAnalytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1994315%22%20slang%3D%22en-US%22%3ERe%3A%20Zero-Click%20Wormable%20RCE%20Vulnerability%20Reported%20in%20Microsoft%20Teams%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1994315%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20the%20nature%20of%20the%20Teams%20client%20makes%20it%20very%20hard%20to%20report%20on%20such%20things.%20But%20as%20far%20as%20that%20vulnerability%20is%20concerned%2C%20affected%20versions%20should%20already%20be%20updated%2C%20or%20blocked%20(Microsoft%20blocks%20older%20versions%20service-side).%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

I just saw the following article "Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams".

 

Is there an easy way to report on what client versions our users are connecting with?  The device usage report only shows client platform and not the specifics of versions which users are running.

 

Thanks.

1 Reply

No, the nature of the Teams client makes it very hard to report on such things. But as far as that vulnerability is concerned, affected versions should already be updated, or blocked (Microsoft blocks older versions service-side).