Published:
2019/02/28
Last Updated:
2020/04/01
Information from Microsoft Japan Co.,Ltd.
Vulnerability ID:JVN#79543573
Title:The installer of Microsoft Teams may insecurely load Dynamic Link Libraries
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
This issue was fixed in Microsoft Teams version 1.3.00.362. Microsoft Teams version 1.3.00.362 and newer versions are not affected.
How Microsoft will respond to DLL planting issues is explained in the following blog article.
Triaging a DLL planting vulnerability
https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/