Zero-day in Zoom video conferencing App lets hackers remotely take over your PC/laptop

0

A newly discovered bug in the Zoom video conferencing App for Windows 7 allows remote code execution

Zoom video conferencing App is in the news again and for worse. Researchers have discovered a previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely execute code and take over your PC/laptop. The flaw is only exploitable on computers running on Microsoft Windows 7 operating system and below. The flaw is unpatched as of yet and Zoom says they are working on the fix.

The newly discovered Zero-day in the Zoom Client for Windows could allow remote code execution, according to researchers at 0patch. Zoom has confirmed the flaw.  The 0patch researchers said that the vulnerability is present in any currently supported version of Zoom Client for Windows but said that the flaw was difficult to exploit in the wild.

For one, the flaw is only exploitable on Windows 7 and older Windows systems and secondly, the exploitation of the flaw user interaction and social engineering skills on part of the hacker. The 0Patch researchers say that Zoom is also vulnerable on Windows Server 2008 R2 but they had not tested it. To exploit the flaw, the potential hacker has to first send a specially crafted payload file which the victim has to open. However, once the victim opens this file, there is no security warning during the course of the attack, according to the 0Patch researchers.

Mitigation of the Zoom Zero-day flaw

Windows 7 is still the preferred operating system for millions of users and hence this flaw is critical. Zoom states that they are working on the patch. In the meantime, 0Patch has released FREE micropatches which can help Zoom users to mitigate this zero-day.

To obtain the free micropatch for this issue and have it applied on your computer(s), create a free account in 0patch Central, install 0patch Agent and register it to your account. Note that no computer restart is needed for installing the agent or applying/un-applying any 0patch micropatch.

Proof of Concept video:

Here is the video released by 0Patch that shows how an exploit can be triggered by clicking the “start video” button in the Zoom Client:

Share.

About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments