Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

TVulnerability in Facebook Messenger for Windows

 

Systems Affected


Facebook Messenger Desktop Application version 460.16

Threat Level


Medium


Overview


This vulnerability allows an attacker to execute malicious files already present on a compromised system.


Description


According to the researchers this vulnerability application triggers a call to load Windows Powershell from the location of "C:python27". This path automatically creates when installing python version 2.7 which does not commonly exist in most windows installations.

An attacker could hijack such calls to load potentially non-existence resources to covertly execute malware to gain persistence and extended access to the system.


Impact


  ✻  Possibility of exposing confidential information to unauthorized parties
  ✻  System could be infected with malware


Solution/ Workarounds


  ✻  Upgrade to the latest Facebook Messenger Desktop version 480.5
     https://www.microsoft.com/en-us/p/messenger/9wzdncrf0083?activetab=pivot:overviewtab


References


  ✻  https://www.cert-in.org.in
  ✻  https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
  ✻  https://thehackernews.com/2020/06/facebook-malware-persistence.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.