Vulnerability description
Microsoft Teams is a team collaboration platform launched by Microsoft, which provides chat, call, online meeting, file sharing and other functions.
In affected versions of Microsoft Teams, an attacker could remotely execute arbitrary code when a user joins a malicious Microsoft Teams meeting set up by the attacker.
Vulnerability name | Microsoft Teams Remote Code Execution Vulnerability |
---|---|
Vulnerability type | code injection |
Discovery time | 2023/8/9 |
Vulnerability Breadth | generally |
MPS number | MPS-2023-9577 |
CVE number | CVE-2023-29330 |
CNVD number | - |
Sphere of influence
Microsoft Teams for iOS@(-∞, 5.12.1)
Microsoft Teams for Mac@(-∞, 1.6.00.17554)
Microsoft Teams for Desktop@(-∞, 1.6.00.18681)
Microsoft Teams for Android@(-∞, 1.0.0.2023070204)
Repair plan
Upgrade Microsoft Teams for Desktop to version 1.6.00.18681 or higher
Upgrade Microsoft Teams for Android to version 1.0.0.2023070204 or higher
Avoid joining untrusted Microsoft Teams meetings
The official patch has been released: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330
Upgrade Microsoft Teams for iOS to version 5.12.1 or later
Upgrade Microsoft Teams for Mac to version 1.6.00.17554 or later
reference link
https://www.oscs1024.com/hd/MPS-2023-9577
https://nvd.nist.gov/vuln/detail/CVE-2023-29330
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330
About Murphy Security
Murphy Security is a technology company that provides you with professional software supply chain security management. The core team comes from Baidu, Huawei, Wuyun and other enterprises. The company provides customers with a complete software supply chain security management platform, and provides software with a full life cycle around SBOM Security management, platform capabilities include software component analysis, source security management, container image detection, vulnerability intelligence early warning and commercial software supply chain access assessment and other products. Provide customers with complete control capabilities from supply chain asset identification management, risk detection, security control, and one-key repair.
Open source project: https://github.com/murphysecurity/murphysec/?sf=qbyj
The product can be integrated with various tools in the existing development process at a very low cost, including seamless integration with dozens of tools such as IDE, Gitlab, Bitbucket, Jenkins, Harbor, and Nexus.
Free code security detection tool: https://www.murphysec.com/?sf=qbyj
Free intelligence subscription: https://www.oscs1024.com/cm/?sf=qbyj