Update now to the most recent TeamViewer Remote version 15.61. See the Changelogs here.

[Windows] v15.21.4

Esther
Esther Posts: 4,051 Staff member 🤠
edited January 2022 in TeamViewer Remote

Operating system: Windows

Version: 15.21.4

Release date: 2021-08-24

 

New features

  • It's now possible to suppress sending chat messages to a device. This can be achieved by activating the setting for "Disable chat" in the options or via the registry (DisableChat). If disabling chat is activated, the chat tab is no longer visible.
  • It is now possible to keep TeamViewer MSI installations up-to-date using automatic updates.
  • It is now possible to inherit TeamViewer policies to managed devices via managed groups.
  • A new way to display video in meetings is now available: Smart focus, which focuses on your face for better privacy control of your surroundings and more focused meetings!


Improvements

  • Updated UI on media and list view in Meeting, for improved user experience.


Bug Fixes

  • Fixed a bug that would cause the app not to reconnect if the internet connection was lost during a running meeting.
  • Fixed a bug in the UI which prevented displaying the "What's New" window.
  • CVE-2021-34858: Installations with existing TV recording files (TVS) were vulnerable to a problem in file parsing that could have allowed someone to execute arbitrary code and could have caused the binary to crash. User interaction as well as a third-party vulnerability would have been required for remote exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Kdot and the Trend Micro Zero Day Initiative for the responsible disclosure.
  • CVE-2021-34859: In some circumstances, a problem in shared memory management could have caused the TeamViewer service to perform an out-of-bounds read. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Mat Powell and the Trend Micro Zero Day Initiative for the responsible disclosure.
  • TeamViewer is installed by default in the protected Program Files directory. If a user intentionally had chosen to install it in a different location, someone would have been able to leverage a privilege escalation problem. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Maciej Miszczyk for the responsible disclosure.

Edit: this vulnerability has already been patched on August 24th, 2021, with v15.21.2 but due to misunderstanding, did not make it to the initial release notes. 

From a low-privileged user it is possible to modify shared memory and cause the TeamViewer service to perform an out-of-bounds read. The service then writes the data to the TeamViewer log file, where it can be read by the attacker.  

In this way, an attacker can disclose memory from the service process. This may be useful to an attacker as part of a larger exploit, perhaps ultimately resulting in execution of arbitrary code within the TeamViewer service running as SYSTEM. 

We don’t have any indication of exploitation in the wild. Our thanks go to Kharosx0 and the Trend Micro Zero Day Initiative for the responsible disclosure. This was tracked under CVE-2021-35005. This vulnerability has been patched with v15.21.2 on august 24th 2021. 

Former Community Manager

Comments

  • JRG67
    JRG67 Posts: 7

    @Esther Thank you so much for this! FINALLY!

    • It is now possible to keep TeamViewer MSI installations up-to-date using automatic updates.


  • sinesang
    sinesang Posts: 10

    do we know how this work? if our user is non admin user,will it get the update without user prompt for password?

  • Esther
    Esther Posts: 4,051 Staff member 🤠

    Hi @JRG67 Happy to hear that 🙌

    And @sinesang: There won´t be a UAC dialog, the user can perform the update as the update will be executed via the TeamViewer Service that has admin rights.

    We created a Knowledge Hub article for the MSI Auto Update. I hope you find it helpful:


    Former Community Manager

  • Esther
    Esther Posts: 4,051 Staff member 🤠

    See today´s update for a bug fix: [Windows] v15.21.5

    Former Community Manager

  • Esther
    Esther Posts: 4,051 Staff member 🤠

    See this update for another improvement: [Windows] v15.21.6

    Former Community Manager

  • Justin
    Justin Posts: 802 [Former Staff]

    See this update for another improvement: [Windows] v15.21.8

    German Community Moderator

  • sinesang
    sinesang Posts: 10
    edited September 2021

    @Esther thanks for the information ...i am trying the the auto update from 15.21.4 MSI installation to 15.21.8 since last week and it was always error ..log file seem to say download is failed from TV site... is this a known issue?

     UpdateBase::OnDownloadFinishedUpdateFile - CInetDownload::ThreadRun - Wrong Status Code: 404 StatusMessage: "Not Found" Occured while retrieving: download.teamviewer.com/download/version_15x/update/update_msi_15.21.8.zip

  • @sinesang I am having the same trouble. I opened a support case regarding it. It seems to be working randomly as about a 1/3 of my environment has auto updated but the rest has not. A couple trickle in each day. Go to the top of the page and mouse over "Service" and then click on "submit a ticket". Reference my ticket number as well, # 35964432.


    James

  • TV_Benjamin
    TV_Benjamin Posts: 48 Staff member 🤠

    Hello @sinesang ,

    thank you for your message.

    This is a problem, that's currently under investigation already.

    In the meantime there seems to be a (somewhat unpleasing) workaround:

    If the download cannot be started by the client, you can enter the download URL and make the second "update" have a upper case "U" (download.teamviewer.com/download/version_15x/update/Update_msi_15.21.8.zip) in the browser (the download starts and downloads a zip).

    If you then simply go into the client and clicks the update button again, it should then work.

    Alternatively, you can also unzip the downloaded zip and execute the update.msi directly.


    We're sorry for the inconvenience

    Have a great weekend

    Best, Benjamin

  • tkirk
    tkirk Posts: 7
    edited September 2021

    Hello @Esther . Does the user have to be involved? If we choose "Install new versions automatically", will Teamviewer automatically upgrade silently in the background, or will the user get a notification saying somthing like "New Update ready to install, press here..... "

    We would prefer autoupdate to just run automatically without the user noticing at all :)

  • JRG67
    JRG67 Posts: 7
    edited September 2021

    @tkirk no, the user (or admin) doesn't have to be involved and yes it will run as a system app in the background to do the update. I can confirm that when it works (currently there is a known issue with the autoupdate URL) it upgrades just fine without an admin being involved.

  • Cool, sounds like a feature I need to test and maybe roll out for my users then :)

  • sinesang
    sinesang Posts: 10
    edited September 2021

    The auto downlaod issue seem not resolved? i still getting the error when auto update. @JRG67 @TV_Benjamin - does it work for you . I am installed with 15.21.4

  • tkirk
    tkirk Posts: 7

    @TV_Benjamin any news on the autoupdate issue?

  • TV_Benjamin
    TV_Benjamin Posts: 48 Staff member 🤠

    Hello @sinesang and @tkirk ,

    sorry for the late reply. It seems your messages slipped.

    As far as I know this issue should be resolved by now. Can you please check if that's the case? If not I'd suggest raising a ticket so we can have a deeper look into it.

    Thanks in advance :)

    Best,

    Benjamin