Zoom Zero-Day Flaw Allegedly Allows Full Takeover of Windows PCs

Zoom has been a clusterfuck from the giddy up smh

Video conferencing software Zoom is again in the spotlight over an alleged critical vulnerability that could allow an attacker to take over the victim’s computer and all data on it.

Discovered by an unnamed security researcher and reported to Acros Security, the vulnerability is said to be present in all versions of Zoom for Windows, but reportedly only affects Windows 7 and older versions of the OS. According to Acros CEO Mitja Kolsek, the flaw is likely also exploitable on Windows Server 2008 R2 and earlier versions.

The vulnerability is apparently serious, as it allegedly allows a malicious actor to run any code on the victim’s system – essentially any type of malware (ransomware, keylogger, etc.), as well as spy on the user or copy the contents of the hard drive.

It is unclear why the hacker needs to exploit a vulnerability in Zoom if the attack “can be pulled off by getting the victim to perform a typical action such as opening a received document file,” as relayed by Acros to Help Net Security.

Kolsek says the flaw can be exploited through several attack scenarios, but his company is withholding more detailed information and the proof-of-concept (PoC) until Zoom Video Communications acts on its flawed product. A temporary ‘micropatch’ developed by Kolsek’s company is reportedly available.

Bitdefender cannot verify the efficacy of the patch and recommends setting Zoom aside until an official fix arrives from the vendor. It is also recommended to stop using any deprecated operating system and upgrade to a newer version supported with security updates.

via Zoom Zero-Day Flaw Allegedly Allows Full Takeover of Windows PCs – HOTforSecurity
