CVE-2020-17091: Microsoft Teams Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Nov

Released

2020-11-10

Last Updated

2020-11-12

EPSS Score

1.39% (percentile: 80.4%)

FAQ

How do I know if I'm protected from this vulnerability? Microsoft Teams Versions 1.3.00.13 or above are protected. If these versions are installed there is no need to take any action. If an earlier version is installed, Microsoft encourages installation of the latest available Teams version. How can I find out what version of Teams I am running? Click on the User Avatar at the top right of the Teams Windows. Click on About, then Version. The version will be displayed in the banner below the Search bar. Where do I get the latest version of Teams? Latest version of Microsoft Teams can be downloaded at Download Microsoft Teams.

Affected Products (1)

Microsoft Office

• Microsoft Teams

Acknowledgments

<a href="https://twitter.com/mattaustin/">Matt Austin</a>

Revision History

• 2020-11-10: Information published.
• 2020-11-12: Added an FAQ. This is an information change only.