Security News > 2020 > July > Zoom Zero-Day Allows RCE, Patch on the Way
UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it.
The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.".
"Wedocumented the issue along with several attack scenarios, and reported it to Zoom earlier today along with a working proof of concept and recommendations for fixing," Kolsec wrote in a Thursday posting.
Zoom, for it's part, confirmed the zero-day to Threatpost and issued the following statement: "Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it."
Zoom quickly patched the issues upon being alerted to them.
News URL
https://threatpost.com/unpatched-zoom-bug-rce/157317/
Related news
- Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)