If you are using TeamViewer, beware and make sure you are running the latest version of the popular remote desktop connection software for Windows.
The TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE-2020-13699), which, if exploited, could let remote attackers steal your system password and eventually compromise it.
What's more worrisome is that the attack can be executed almost immediately, without requiring much interaction from the victims, just by convincing them to visit a malicious web page once.
For those unaware, TeamViewer is a popular remote-support software that allows users to securely share their desktop or take full control of another's PC over the Internet from anywhere in the world.
The remote access software is available for desktop and mobile operating systems, including Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT, Windows Phone 8, and BlackBerry.
Discovered by Jeffrey Hofmann of Praetorian, the newly reported high-risk vulnerability resides in the way TeamViewer quotes its custom URI handlers, which could allow an attacker to force the software to relay an NTLM authentication request to the attacker's system.
In simple terms, an attacker can leverage TeamViewer's URI scheme from a web page to trick the application installed on the victim's system into initiating a connection to the attacker-owned remote SMB share.
This, in turn, triggers the SMB authentication attack and leaks the system's username and the NTLMv2 hashed version of the password to the attackers, allowing them to use the stolen credentials to authenticate to the victims' computer or network resources.
To successfully exploit the vulnerability, an attacker needs to embed a malicious iframe on a website and then trick victims into visiting that maliciously crafted URL. Once clicked by the victim, TeamViewer will automatically launch its Windows desktop client and open a remote SMB share.
Now, the victim's Windows OS will "execute NTLM authentication when opening the SMB share and that request can be relayed (employing a device like responder) for code execution (or captured for hash cracking)."
This vulnerability, categorized as 'Unquoted URI handler,' affects "URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1," Hofmann said.
The TeamViewer project has patched the vulnerability by quoting the parameters passed by the affected URI handlers, e.g., URL:teamviewer10 Protocol "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" "%1"
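To check a machine for the unquoted form of these handlers, the following added example (not code from TeamViewer or from the advisory) scans a registry export for handler commands that pass %1 outside double quotes. It assumes the handlers are registered under the standard HKEY_CLASSES_ROOT\<scheme>\shell\open\command key and that the export has already been decoded to text; the sample export is constructed.

```python
import re

# Handler names from the advisory quoted above.
HANDLERS = {
    "teamviewer10", "teamviewer8", "teamviewerapi", "tvchat1", "tvcontrol1",
    "tvfiletransfer1", "tvjoinv8", "tvpresent1", "tvsendfile1",
    "tvsqcustomer1", "tvsqsupport1", "tvvideocall1", "tvvpn1",
}
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

# Constructed sample in .reg export syntax: one quoted and one unquoted handler.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\teamviewer10\shell\open\command]
@="\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\" \"%1\""

[HKEY_CLASSES_ROOT\tvvpn1\shell\open\command]
@="\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\" %1"
'''

def placeholder_is_quoted(command):
    """True when every %1 sits inside a double-quoted argument."""
    return all(command[:m.start()].count('"') % 2 == 1
               for m in re.finditer("%1", command))

def audit(reg_text, names=HANDLERS):
    """Return (handler, command) pairs whose open command passes %1 unquoted."""
    findings, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif line.startswith("["):
            current = None  # some other key; ignore its values
        elif current in names and DEFAULT_RE.match(line):
            # .reg files escape backslashes and double quotes with a backslash
            cmd = re.sub(r'\\(["\\])', r"\1", DEFAULT_RE.match(line).group(1))
            if not placeholder_is_quoted(cmd):
                findings.append((current, cmd))
    return findings

if __name__ == "__main__":
    for handler, cmd in audit(SAMPLE_REG):
        print(f"unquoted %1 in {handler}: {cmd}")
```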
While the vulnerability is not being exploited in the wild as of now, considering the popularity of the software among thousands and thousands of users, TeamViewer has always been a target of interest for attackers.
So, users are highly recommended to upgrade their software to version 15.8.3, as it's hardly a matter of time before hackers start exploiting the flaw to hack into users' Windows PCs.
A similar SMB-authentication attack vector was previously disclosed in Google Chrome, Zoom video conferencing app, and Signal messenger.