Teamviewer: High-risk loopholes allow rights to be extended

There are high-risk security gaps in the Teamviewer remote maintenance software that allow attackers to extend their rights in the system. On Tuesday of this week, the manufacturer released updated software that plugs the security leaks.

Teamviewer discusses the vulnerabilities in a security bulletin. In the Teamviewer remote clients, attackers can abuse insufficient cryptographic verification of driver installations to escalate their rights and install drivers (CVE-2024-7479, CVE-2024-7481; both CVSS 8.8, risk"high").

Teamviewer Remote Full Client and Teamviewer Remote Host affected

The vulnerabilities affect the TeamViewer_service.exe component in both Teamviewer Remote Host and Teamviewer Remote Full Client, both for Windows. Version 15.58.4 or newer, available since Tuesday of this week, closes these vulnerabilities.

Affected are the TeamViewer Remote Full Client and Teamviewer Remote Host for Windows in versions prior to 15.58.4, 14.7.48796, 13.2.36225, 12.0.259312 and 11.0.259311. The bug-fixed software versions are available for download on the Teamviewer download page. Anyone using Teamviewer should update as soon as possible.

Teamviewer does not mention any temporary countermeasures. Whether it is already being abused in the wild also remains unclear. However, it has been reported by Trend Micro's Zero Day Initiative as part of a Responsible Disclosure. Teamviewer does not discuss how to recognize a successful attack.

Read also

TeamViewer attack: investigation completed, users are not affected

At the end of June this year, suspected Russian attackers were able to access Teamviewer's internal IT environment. The software itself was not compromised, a spokesperson said at the beginning of July when the results of the investigation into the incident were published. Teamviewer had brought in expertise from Microsoft to investigate the intrusion and respond appropriately.

(dmk)