Advisory

TeamViewer reports two nearly critical flaws in Windows version

Take action: Given how widely TeamViewer is installed, it's wise to update it, even though the flaws are high severity rather than critical. Patching is trivial, so there is no argument for not patching (other than being lazy).


Learn More

A pair of high-severity vulnerabilities that allow local privilege escalation has been identified in the TeamViewer Remote clients for Windows.

The flaws are tracked as CVE-2024-7479 and CVE-2024-7481 (both CVSS score 8.8). They allow local privilege escalation by exploiting improper cryptographic signature verification in the TeamViewer_service.exe component, which is part of both the full client and the host versions of TeamViewer for Windows.

The flaws allow an attacker with unprivileged local access to elevate privileges and potentially install drivers, leading to a full compromise of the Windows system. The attacker must have physical or remote access to the machine to exploit them, but no user interaction is required.

Affected Versions:

  • TeamViewer Remote full client (Windows): Versions below 15.58.4, 14.7.48796, 13.2.36225, 12.0.259312, and 11.0.259311.
  • TeamViewer Remote Host (Windows): Versions below 15.58.4, 14.7.48796, 13.2.36225, 12.0.259312, and 11.0.259311.

TeamViewer has released version 15.58.4 to address these flaws. Users are strongly advised to update their TeamViewer installations to this version or newer to protect against them. Failure to update could result in system compromise, including unauthorized installation of drivers and elevation of privileges.
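To find hosts that still need the update, the following added example (not from TeamViewer or the original advisory) checks installed versions from a software inventory against the fixed releases in the Affected Versions list, per major branch. The CSV layout, hostnames and sample versions are constructed, and treating branches older than 11 as vulnerable and newer than 15 as patched is an assumption drawn from that list.

```python
import csv
import io

# Fixed releases per major branch, from the "Affected Versions" list above.
FIXED = [(15, 58, 4), (14, 7, 48796), (13, 2, 36225), (12, 0, 259312), (11, 0, 259311)]
FIXED_BY_MAJOR = {f[0]: f for f in FIXED}

def parse_version(text):
    """Turn '15.57.5' into (15, 57, 5); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unparsed' for one installed version."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unparsed"  # needs a manual look; do not assume it is safe
    fixed = FIXED_BY_MAJOR.get(v[0])
    if fixed is None:
        # Assumption: branches older than 11 are below every fixed release,
        # branches newer than 15 are above 15.58.4.
        return "vulnerable" if v[0] < min(FIXED_BY_MAJOR) else "patched"
    # Compare numerically, component by component. A plain string compare
    # would rank '15.9.1' above '15.58.4' and wrongly report it as patched.
    width = max(len(v), len(fixed))
    v, fixed = (t + (0,) * (width - len(t)) for t in (v, fixed))
    return "vulnerable" if v < fixed else "patched"

def triage(inventory_csv):
    """Map host -> status for rows with columns host,version (assumed layout)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["version"]) for r in rows}

# Constructed sample inventory; hostnames and installed versions are made up.
SAMPLE = """host,version
ws-001,15.57.5
ws-002,15.58.4
srv-010,14.7.48796
srv-011,13.2.36220
kiosk-3,15.9.1
lab-7,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```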
