
Critical vulnerability in Zoom puts PCs with legacy versions of Windows at risk


Slovenian security company ACROS Security has disclosed a vulnerability in the Zoom conferencing software that could allow an attacker to remotely execute code on a computer running the affected Zoom client for Windows. The problem affects only users of older versions of Microsoft's OS, such as Windows 7, Windows Server 2008 R2 and earlier. Users of Windows 8 and Windows 10 have nothing to worry about.

As explained by the head of ACROS Security, Mitja Kolsek, an attacker could remotely execute code on a system with the default Zoom for Windows client by making the victim perform certain actions (e.g. open a document file). No notification or alert is displayed during exploitation.


The vulnerability was discovered by a security researcher who asked to remain anonymous. He reported the problem to ACROS Security, which in turn notified Zoom. ACROS Security has also updated its 0patch client, adding a micropatch that closes the vulnerability in four different parts of the code in older versions of Windows.

“Our micropatches have already been released and sent to all online-connected 0patch Agent applications. Zoom users with 0patch installed are no longer affected by the vulnerability,” said Kolsek.

Here is a video of the exploitation of the vulnerability and a micropatch in action.

Zoom is already working on a fix, but its release date is still unknown. ACROS Security has not published any technical details about the vulnerability. It is also unclear whether it is being exploited in real attacks.


Source: news.rambler.ru
