Security News > 2020 > July > Zoom Working on Patch for Code Execution Vulnerability in Windows Client
Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don't want to wait for the official patch.
On Thursday, ACROS Security announced the availability of a micro-patch for a remote code execution vulnerability in Zoom Client for Windows.
0patch's security researchers released a micropatch that removes the vulnerability in four different areas of the code, and ported the fix from Zoom Client for Windows 5.1.2 to the previous five versions of the application, back to 5.0.3.
0patch, which published a video showing the vulnerability being exploited in an attack, notes that Windows 10 and Windows 8 machines are not affected.
"Zoom takes all reports of potential security vulnerabilities seriously. Yesterday morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it," a Zoom spokesperson said, responding to a SecurityWeek inquiry.
News URL
Related news
- FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- New Windows IPv6 Zero-Click Vulnerability (source)
- CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor (source)