Zoom to Patch Zero-Day Vulnerability in Windows 7


The flaw also affects older versions of the operating system, even if they’re fully patched.

An unpatched and previously unknown security vulnerability has been discovered in the Zoom Client for Windows, affecting computers running Windows 7 and older OS versions. 

The vulnerability enables a remote attacker to execute arbitrary code on a victim’s machine where Zoom Client for Windows – any supported version – is installed. The flaw could be exploited by tricking a user into performing a typical action, such as opening a document file. Users will not see a security warning over the course of the attack.

Zoom has confirmed the flaw and is working on a patch, Forbes reports. The videoconferencing company was informed by security firm 0patch, which learned of the bug from a researcher who requested anonymity. 0patch analysis confirmed it’s only exploitable on Windows 7 and older systems. It may be exploitable on Windows Server 2008 R2 and earlier, though the systems weren’t tested. 

It’s important to note Windows 7 users are vulnerable to this kind of attack even if their systems are fully updated with extended security updates, 0patch points out. Zoom clients on Windows 8 and 10 are not affected. 0patch has released a micropatch to protect users of its 0patch agent as Zoom works on its own fix.

Microsoft terminated support for Windows 7 and Windows Server 2008 earlier this year, meaning technical assistance and software updates via Windows Update are no longer available.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

 
