{"id":277323,"date":"2023-01-28T01:43:43","date_gmt":"2023-01-28T00:43:43","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=277323"},"modified":"2023-01-28T01:43:43","modified_gmt":"2023-01-28T00:43:43","slug":"microsoft-teams-remote-code-execution-rce-schwachstelle","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2023\/01\/28\/microsoft-teams-remote-code-execution-rce-schwachstelle\/","title":{"rendered":"Microsoft Teams: Remote Code Execution (RCE) Schwachstelle"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Tor\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" border=\"0\" alt=\"Teams\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Teams-e1623389219383.jpg\"\/>Kleiner Nachtrag in Sachen Sicherheit und Microsoft Teams. Die beiden Sicherheitsforscher @adm1nkyj1 und @jinmo123 haben an pwn2own 2022 in Vancouver teilgenommen. Dort versuchten Sie Microsoft Teams zu hacken, sind aber an der Zeitvergabe gescheitert. Beide haben einen Bug entdeckt, der sich f\u00fcr einen Exploit eignet. Der Deeplink-Handler f\u00fcr<em> \/l\/task\/:appId<\/em> in Microsoft Teams kann eine beliebige Url in Webview\/iframe laden. Angreifer k\u00f6nnen dies mit der RPC-Funktionalit\u00e4t von Teams ausnutzen, um Code au\u00dferhalb der Sandbox auszuf\u00fchren. Die Sicherheitsforscher haben die Details in <a href=\"https:\/\/blog.pksecurity.io\/2023\/01\/16\/2022-microsoft-teams-rce.html\" target=\"_blank\" rel=\"noopener\">diesem Blog-Beitrag<\/a> geteilt. Danke an Jan R. f\u00fcr den Hinweis. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kleiner Nachtrag in Sachen Sicherheit und Microsoft Teams. Die beiden Sicherheitsforscher @adm1nkyj1 und @jinmo123 haben an pwn2own 2022 in Vancouver teilgenommen. Dort versuchten Sie Microsoft Teams zu hacken, sind aber an der Zeitvergabe gescheitert. Beide haben einen Bug entdeckt, der &hellip; <a href=\"https:\/\/borncity.com\/blog\/2023\/01\/28\/microsoft-teams-remote-code-execution-rce-schwachstelle\/\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[4328,5595],"class_list":["post-277323","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-sicherheit","tag-teams"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/277323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=277323"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/277323\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=277323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=277323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=277323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}