Zoom Patches Zero-Day Vulnerability in Windows 7

  /     /     /  
Publicated : 23/11/2024   Category : security


Zoom Patches Zero-Day Vulnerability in Windows 7


The flaw also affects older versions of the operating system, even if theyre fully patched.



Update: Zoom 
confirmed
it has patched the vulnerability in Zoom client version 5.1.3.
An unpatched and previously unknown security vulnerability has been discovered in the Zoom Client for Windows, affecting computers running Windows 7 and older OS versions. 
The vulnerability enables a remote attacker to execute arbitrary code on a victims machine where Zoom Client for Windows – any supported version – is installed. The flaw could be exploited by tricking a user into performing a typical action, such as opening a document file. Users will not see a security warning over the course of the attack.
Zoom has confirmed the flaw and is working on a patch, Forbes
reports
. The videoconferencing company was informed by security firm 0patch, which learned of the bug from a researcher who requested anonymity. 0patch analysis confirmed its only exploitable on Windows 7 and older systems. It may be exploitable on Windows Server 2008 R2 and earlier, though the systems werent tested. 
Its important to note Windows 7 users are vulnerable to this kind of attack even if their systems are fully updated with extended security updates, 0patch points out. Zoom clients on Windows 8 and 10 are not affected. 0patch has released a micropatch to protect users of its 0patch agent as Zoom works on its own fix.
Microsoft
terminated
support for Windows 7 and Windows Server 2008 earlier this year, meaning technical assistance and software updates via Windows Update are longer available.
Read more details
here

 
 
Black Hat Register now for this years fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for detail on
conference information
 and
to register.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Zoom Patches Zero-Day Vulnerability in Windows 7