Security News > 2020 > July > Zoom Zero-Day Allows RCE, Patch on the Way
UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it.
The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.".
"Wedocumented the issue along with several attack scenarios, and reported it to Zoom earlier today along with a working proof of concept and recommendations for fixing," Kolsec wrote in a Thursday posting.
Zoom, for it's part, confirmed the zero-day to Threatpost and issued the following statement: "Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it."
Zoom quickly patched the issues upon being alerted to them.
News URL
https://threatpost.com/unpatched-zoom-bug-rce/157317/
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)