Fwd: [CIVN-2020-0240] Vulnerability in Facebook Messenger for Windows

Severity Rating: HIGH

Systems Affected

Facebook Messenger Desktop application version 460.16

Overview

A vulnerability has been reported in Facebook Messenger desktop application

for Windows operating systems which could allow an attacker to execute

malicious files already present on a compromised system.

Description

This vulnerability exists in Facebook Messenger client call to Windows

Powershell at the path ¿C: \ python27¿ which corresponds to a directory

created by the Python interpreter installer.

Successful exploitation of this vulnerability could allow an attacker to

execute malicious files already present on a compromised system, allowing

the malware to gain persistence and extended access to the system.

Solution

Upgrade to Facebook Messenger Desktop version 480.5

https://www.microsoft.com/en-us/p/messenger/9wzdncrf0083

References

https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/

https://thehackernews.com/2020/06/facebook-malware-persistence.html

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2020-0240] Vulnerability in Facebook Messenger for Windows

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive