Severity: HIGH | CVSS 8.8
CVE-2024-7479 | Auth: low (local user account required) | Reboot: not required | Est. 10 minutes (application restart only) | Manual only

TeamViewer < 15.58.4 — LPE

TeamViewer's Windows client installs a kernel driver with improper signature verification, allowing local privilege escalation to SYSTEM. Update to TeamViewer 15.58.4 — relevant where TeamViewer is deployed for remote support.

Published Aug 27, 2024 · Updated May 8, 2026
Why patch: Risk explained in plain English

Worst-case scenario (if unpatched)

A local user with standard (non-admin) access can escalate to SYSTEM-level privileges on the workstation. This is a significant risk in environments where TeamViewer is widely deployed for remote support — if a lower-privileged account is compromised (e.g., via phishing), the attacker can immediately escalate to SYSTEM.

How the attack works

TeamViewer installs a kernel-mode driver (TVSVRService) that lacks proper verification of the code it executes. A local user with limited privileges can exploit this driver to load unsigned code into the kernel, achieving SYSTEM privileges. CVE-2024-7481 is a related improper signature verification in the same driver.

Am I affected? Quick check

Probably yes if any of these apply:

IT Helpdesk Teams
Desktop Support
IT Administrators
IT Security
Running TeamViewer Remote Client for Windows prior to 15.58.4

Affected OS versions

Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Fixed in: TeamViewer Remote Client 15.58.4

Real-world incidents: What we've seen

TeamViewer disclosed CVE-2024-7479 and CVE-2024-7481 in August 2024. The vulnerable driver is installed as part of the TeamViewer Remote Client and runs as a kernel-mode service. In organisations where TeamViewer is deployed for helpdesk support, all workstations running vulnerable versions are exposed to local privilege escalation by any user with local logon access.

How to patch

Manual remediation steps

10 minutes (application restart only)

Check TeamViewer Version

# Check installed TeamViewer version
$tvPath = "C:\Program Files\TeamViewer\TeamViewer.exe"
if (-not (Test-Path $tvPath)) {
  $tvPath = "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
}
if (Test-Path $tvPath) {
  (Get-Item $tvPath).VersionInfo.FileVersion
}
# Vulnerable if older than 15.58.4

Check for the Vulnerable Driver

# Check if the vulnerable driver is running
Get-Service -Name "TVSVRService" -ErrorAction SilentlyContinue
# Get-CimInstance replaces Get-WmiObject, which is not available in PowerShell 7
Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.Name -like "*TV*" } |
  Select-Object Name, State, PathName

Update TeamViewer

# Via TeamViewer client: Help > Check for new version

# Via winget:
winget upgrade TeamViewer.TeamViewer

# Or download from https://www.teamviewer.com/en/download/

Enterprise Deployment

# For managed deployments, use the TeamViewer MSI:
# Download: https://www.teamviewer.com/en/download/msi-package/
# Deploy via SCCM/Intune

Verify

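# Check both default install paths; each result must show 15.58.4 or later
Get-Item "C:\Program Files\TeamViewer\TeamViewer.exe", "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -ErrorAction SilentlyContinue |
  ForEach-Object { $_.VersionInfo.FileVersion }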
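
The version check and the verify step above both print a version string and leave the comparison to the reader. The following added example (not a script from this page or from TeamViewer) compares the installed build numerically against the fixed version 15.58.4 stated above. The function name Get-TeamViewerPatchState is hypothetical, and the two install paths are the defaults already used in the steps above.

```powershell
# Added example: report whether the installed TeamViewer build is older than
# the fixed version given on this page (15.58.4).
$fixed = [version]'15.58.4.0'

# Default install locations, as used in the manual steps (assumption: default paths)
$candidates = @(
    'C:\Program Files\TeamViewer\TeamViewer.exe',
    'C:\Program Files (x86)\TeamViewer\TeamViewer.exe'
)

function Get-TeamViewerPatchState {
    param(
        [string[]]$Path,
        [version]$FixedVersion
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $vi = (Get-Item -LiteralPath $p).VersionInfo

        # Build a [version] from the numeric parts. Comparing the FileVersion
        # strings directly would rank "15.9" above "15.58".
        $installed = [version]::new(
            $vi.FileMajorPart, $vi.FileMinorPart,
            $vi.FileBuildPart, $vi.FilePrivatePart)

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Path         = $p
            Installed    = $installed
            Fixed        = $FixedVersion
            Vulnerable   = $installed -lt $FixedVersion
        }
    }
}

$result = @(Get-TeamViewerPatchState -Path $candidates -FixedVersion $fixed)
if ($result.Count -eq 0) {
    Write-Output 'TeamViewer.exe not found in the default install paths.'
} else {
    # One object per install found; Vulnerable = True means an update is needed
    $result
}
```

Run it before and after the update: the Vulnerable column should change from True to False once 15.58.4 or later is installed.
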
PowerShell automation: Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.