
Zoom Zero-Day Flaw Allegedly Allows Full Takeover of Windows PCs

Filip TRUȚĂ

July 10, 2020

Video conferencing software Zoom is again in the spotlight over an alleged critical vulnerability that could allow an attacker to take over the victim’s computer and all data on it.

Discovered by an unnamed security researcher and reported to Acros Security, the vulnerability is said to be present in all versions of Zoom for Windows, but reportedly only affects Windows 7 and older versions of the OS. According to Acros CEO Mitja Kolsek, the flaw is likely also exploitable on Windows Server 2008 R2 and earlier versions.

The vulnerability is apparently serious, as it allegedly allows a malicious actor to run any code on the victim’s system – essentially any type of malware (ransomware, keylogger, etc.), as well as spy on the user or copy the contents of the hard drive.

It is unclear why the hacker needs to exploit a vulnerability in Zoom if the attack “can be pulled off by getting the victim to perform a typical action such as opening a received document file,” as relayed by Acros to Help Net Security.

Kolsek says the flaw can be exploited through several attack scenarios, but his company is withholding more detailed information and the proof-of-concept (PoC) until Zoom Video Communications acts on its flawed product. A temporary “micropatch” developed by Kolsek’s company is reportedly available.

Bitdefender cannot verify the efficacy of the patch and recommends setting Zoom aside until an official fix arrives from the vendor. It is also recommended to stop using any deprecated operating system and upgrade to a newer version supported with security updates.
