[tiarafawn]

You would need Teams installed AND an application that opens the malicious link. IE11 and Edge Legacy do that without prompting the user, other browsers display a confirmation dialog. There is a patch addressing the specific exploit path via MS Teams.

The underlying argument injection in LocalBridge.exe (which is the binary processing the JSON payload) is still present, which can be exploited to open other office apps with injected command line arguments. Someone might find another way to run arbitrary code using command line switches other than --gpu-launcher