The TeamViewer team released a new version that includes a patch for a serious vulnerability (CVE-2020-13699), that allowed remote attackers to steal the password of your system and eventually compromise it.
The affected versions are all from 8 to 15.8.2.
What is more concerning is that the attack can be executed almost automatically without requiring much interaction from victims and simply convincing them to visit a malicious website once.
The reported high-risk vulnerability, resides in the way TeamViewer quotes its custom URI handlers, which could allow an attacker to force the software to send an NTLM authentication request to the attacker's system.
Plainly speaking, an attacker can leverage the TeamViewer URI scheme from a web page to trick the application installed on the victim's system into initiating a connection to the attacker's remote SMB share.
Esto, a su vez, triggers the SMB authentication attack, it leaks the system's username and the NTLMv2 hash of the password to the attackers, allowing them to use stolen credentials to authenticate to the victim's computer or network resources.
To successfully exploit the vulnerability, An attacker needs to embed a malicious iframe on a website and then trick victims into visiting that URL created for malicious purposes. Once the victim clicks, TeamViewer will automatically launch its Windows desktop client and open a remote SMB share.
Although the vulnerability is not being actively exploited, considering the popularity of the software among millions of users, TeamViewer has always been a target of interest for attackers.
Therefore, users are strongly advised to update their software to the version 15.8.3, as it is only a matter of time before cybercriminals start exploiting the flaw to hack users' Windows PCs.