Zero-Day Vulnerability in Zoom Affected Windows 7 Users

Silviu STAHIE

July 13, 2020

A zero-day vulnerability affecting the Zoom client for Windows has been discovered that would allow an attacker to execute arbitrary code on remote devices. Only Windows 7 and older OSes were affected, further complicating the situation.

Zoom vulnerabilities pop up constantly, but that’s also likely due in part to the app’s sudden popularity. The COVID-19 pandemic pushed the Zoom app to the forefront, mostly because of permissive default features that allowed people to use it without a premium account.

With so many users actively engaging in videoconferences, it was just a matter of time before Zoom became an active target for hackers and security researchers. Out of all possible problems, zero-day vulnerabilities are the most troublesome.

In this case, the vulnerability affected only Windows 7 and older products. Even if these products are no longer supported, it doesn’t mean that they’re not used. In fact, Windows 7 still has a market share of around 5%. Given the large number of PCs out there, that leaves a lot of vulnerable devices.

“The vulnerability allows a remote attacker to execute arbitrary code on victim’s computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file. No security warning is shown to the user in the course of attack,” said the researchers from 0patch who disclosed the exploit.

For unknown reasons, the researcher who found the problem didn’t want to report the vulnerability to Zoom and left this job to 0patch. Following disclosure, Zoom issued a patch that covered the Windows 7 version.

Unfortunately, it’s only a matter of time before other security issues are found with Windows 7 and its interactions with other software. Since Microsoft no longer supports the OS, the problems will only go away when people stop using that operating system.
