10 July 2020

RCE-bug found in Zoom client for Windows


Zoom, the company behind the popular videoconferencing software, is working on a patch for a serious vulnerability in its Zoom client for Windows.

Reported by ACROS Security, the issue is a remote code execution flaw that allows an adversary to execute code by tricking a victim into performing a typical action, such as opening a document file, without any warning being shown to the user.

According to the 0patch team, the flaw has several mitigating factors. Firstly, it is only exploitable on systems running Windows 7 and older versions of the operating system that are no longer supported by Microsoft. Secondly, the attack requires user interaction.

Zoom has confirmed the vulnerability in a statement.

“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” the company said.
