After reports of a serious bug, the developer behind TeamViewer, the popular remote desktop management software, has released an important patch to seal this vulnerability. Because TeamViewer allows users to share what’s displayed on their desktops with anyone in the world (and, more importantly, grant someone else access to their computer), vulnerabilities in TeamViewer can be fairly serious. This specific TeamViewer vulnerability provides the presenter with an opportunity to overtake the viewer’s system, and vice versa.
If your enterprise uses TeamViewer, we strongly recommend updating to the latest version to prevent this exploit from being used in your network.
Understanding the TeamViewer hack
TeamViewer uses Microsoft’s Remote Desktop Protocol, allowing the presenter and viewer to share screens using a secret authentication code. Fortunately, this vulnerability can only be exploited if the authentication code is shared and both screens are connected.
A GitHub user named gellin originally reported this vulnerability by publishing a proof-of-concept code that contains an injectable C++ DLL file. This code exploits naked inline hooking and memory alterations to change TeamViewer permissions. According to gellin’s report, this exploit can be used by both the host and the client.
If the exploit is performed on the server’s side, the “switch sides” feature can be enabled, allowing the server to initiate a change of control on the client. If the same maneuver is executed on the client’s side, it will allow them to take control of the server’s keyboard and mouse, without any consideration for the server’s settings and permissions.
TeamViewer hack remedies
TeamViewer has already released patches for Windows, Mac, and Linux, which you can download to manually update TeamViewer on each of your individual systems. Alternatively, you can use our patch management solution, Patch Manager Plus, to patch up to 25 computers for free.
Already using Patch Manager Plus in your network? Navigate to the Patches tab, click Supported Patches, then search for the bulletins below.
Bulletin information
For Windows:
Bulletin ID: TU-057
Patch ID: 306780
Version: TeamViewer 13 (13.0.5640)
For Mac:
Bulletin ID: MAC-043
Patch ID: 601352
Version: TeamViewer 13 (13.0.5640)
As last month’s Microsoft Office Equation Editor vulnerability shows, hackers can exploit software vulnerabilities faster than you might think. Don’t leave your enterprise vulnerable by waiting to patch TeamViewer. If you’re still wondering how a patch management solution can make a difference in your enterprise, we recommend reading this article and checking out our online demo.
TeamViewer is nice software, but it’s prohibitively expensive for small organizations. Honestly, we use SCCM, so we use the built-in remote control and remote assistance features for internal support issues
I am only reading this because I have been hacked via TeamViewer’s with a subsequent virtual robbery of 12000 euros from my bank account. Left stranded with a couple of Coinbase accounts open on my name from my email. And lost it all in the Local Bitcoin pandemonium where the transactions were made as if I was the author…with the involvement of CB Payments bridge as acting as a ‘mule’ for the crime…
thanks for the info.