[High Risk] Microsoft Teams Remote Code Execution Vulnerability

News 2023-08-19 02:03:49 views: null

Vulnerability description

Microsoft Teams is a team collaboration platform launched by Microsoft, which provides chat, call, online meeting, file sharing and other functions.

In affected versions of Microsoft Teams, an attacker could remotely execute arbitrary code when a user joins a malicious Microsoft Teams meeting set up by the attacker.

Vulnerability name Microsoft Teams Remote Code Execution Vulnerability
Vulnerability type code injection
Discovery time 2023/8/9
Vulnerability Breadth generally
MPS number MPS-2023-9577
CVE number CVE-2023-29330
CNVD number -

Sphere of influence

Microsoft Teams for iOS@(-∞, 5.12.1)

Microsoft Teams for Mac@(-∞, 1.6.00.17554)

Microsoft Teams for Desktop@(-∞, 1.6.00.18681)

Microsoft Teams for Android@(-∞, 1.0.0.2023070204)

Repair plan

Upgrade Microsoft Teams for Desktop to version 1.6.00.18681 or higher

Upgrade Microsoft Teams for Android to version 1.0.0.2023070204 or higher

Avoid joining untrusted Microsoft Teams meetings

The official patch has been released: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330

Upgrade Microsoft Teams for iOS to version 5.12.1 or later

Upgrade Microsoft Teams for Mac to version 1.6.00.17554 or later

reference link

https://www.oscs1024.com/hd/MPS-2023-9577

https://nvd.nist.gov/vuln/detail/CVE-2023-29330

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330

About Murphy Security

Murphy Security is a technology company that provides you with professional software supply chain security management. The core team comes from Baidu, Huawei, Wuyun and other enterprises. The company provides customers with a complete software supply chain security management platform, and provides software with a full life cycle around SBOM Security management, platform capabilities include software component analysis, source security management, container image detection, vulnerability intelligence early warning and commercial software supply chain access assessment and other products. Provide customers with complete control capabilities from supply chain asset identification management, risk detection, security control, and one-key repair.
Open source project: https://github.com/murphysecurity/murphysec/?sf=qbyj

The product can be integrated with various tools in the existing development process at a very low cost, including seamless integration with dozens of tools such as IDE, Gitlab, Bitbucket, Jenkins, Harbor, and Nexus.
Free code security detection tool: https://www.murphysec.com/?sf=qbyj
Free intelligence subscription: https://www.oscs1024.com/cm/?sf=qbyj

insert image description here

Guess you like

Origin blog.csdn.net/murphysec/article/details/132204222
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com