Posted on July 10, 2020 at 5:37 PM
Cybersecurity firm 0patch has disclosed a previously unknown, unpatched vulnerability in the Zoom Client for Windows. The vulnerability, referred to as a zero-day, could be exploited by hackers if it is not patched soon.
0patch co-founder Mitja Kolsek said that the memory corruption bug allows remote code execution without the user being shown any security warning. This means the user may have no indication that exploitation has taken place, because the attackers can hide their activity to cover their tracks.
Vulnerability is present in all versions of the Zoom Client for Windows
According to 0patch, the vulnerability exists in all current versions of the Zoom Client for Windows. The security firm said the vulnerability came to light when a security researcher approached it with the findings earlier this week.
Instead of reporting to Zoom, the researcher went to 0patch to disclose the vulnerability, and has insisted on remaining anonymous. Once 0patch had documented and confirmed the vulnerability, it reported it to Zoom so that work on a patch and other mitigation measures could begin.
Windows 8 and 10 not exploitable
The vulnerability does not affect all Zoom users equally. Those running Windows 7 or earlier versions are the ones exposed, because the zero-day is not exploitable on Windows 8 or Windows 10. 0patch has warned, however, that even Windows 7 systems with the latest Extended Security Updates installed remain vulnerable.
0patch is withholding full technical details until Zoom has corrected and patched the vulnerability. As with many other RCE bugs, a successful exploit requires the user to click on a link or open a malicious document; the vulnerability on its own does not hand attackers access to the system, and it can only be exploited once the user performs the action the attacker is counting on.
As of press time, there are no reports of any exploits in the wild.
Micropatch already released
0patch has already released a micropatch for its own agent, but Zoom has not yet released an official patch. A Zoom spokesperson explained that Zoom takes all reports of potential security risks and vulnerabilities very seriously. The spokesperson further stated that Zoom has received a report of a vulnerability affecting Zoom users on Windows 7 or older, and that the Zoom team is working to resolve it.
“We have confirmed this issue and are currently working on a patch to quickly resolve it,” the spokesperson said.
Timing for patch not known
When Zoom was asked when the update fixing the vulnerability would be ready, the video conferencing firm did not give a specific answer.
If the patch takes a long time to arrive, it leaves hackers and other cybercriminals a window in which to launch attacks on unsuspecting victims.
Even though Microsoft no longer supports Windows 7, it still holds the second-largest share of PC and laptop operating systems.
Windows 10 remains the biggest, with 54.76% of the market, while Windows 7 comes second with a 27.4% market share.
Mac OS, on the other hand, holds a distant third place with a 3.58% market share, based on data provided by NetMarketShare.
Timothy Chiu, vice president of marketing at K2 Cyber Security, said that keeping every part of a computer up to date, including the operating system, is best practice. Keeping only the application current is not enough to keep cybercriminals and other attackers out, he reiterated.
Chiu added that since Microsoft no longer supports Windows 7, users need to migrate to a newer version of the OS (in this case, either Windows 8 or 10).