Zero-Day Vulnerability in Zoom Affected Windows 7 Users

A zero-day vulnerability affecting the Zoom client for Windows has been discovered that would allow an attacker to execute arbitrary code on remote devices. Only Windows 7 and older OSes were affected, further complicating the situation.

DevOps Connect:DevSecOps @ RSAC 2022

Zoom vulnerabilities pop up constantly, but that’s also likely due in part to the app’s sudden popularity. The COVID-19 pandemic pushed the Zoom app to the forefront, mostly because of permissive default features that allowed people to use it without a premium account.

With so many users actively engaging in videoconferences, it was just a matter of time before Zoom become an active target for hackers and security researchers. Out of all possible problems, zero-day vulnerabilities are the most troublesome.

In this case, it was a vulnerability available only in Windows 7 and older products. Even if these products are no longer supported, it doesn’t mean that they’re not used. In fact, Windows 7 still has a market share of around 5%. Given the large number of PCs out there, that leaves a lot of vulnerable devices.

“The vulnerability allows a remote attacker to execute arbitrary code on victim’s computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file. No security warning is shown to the user in the course of attack,” said the researchers from 0patch who disclosed the exploit.

For unknown reasons, the researcher who found the problem didn’t want to report the vulnerability to Zoom and left this job to 0patch. Following disclosure, Zoom issued a patch that covered the Windows 7 version.

Unfortunately, it’s only a matter of time before other security issues are found with Windows 7 and its interactions with other software. Since Microsoft no longer supports the OS, the problems will only go away when people stop using that operating system.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: