Security News > 2020 > July > Better get Grandma off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older.
An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
The indictment stated that after installing their own remote access software, which also monitored the network's security software to protect itself, the crew then auctioned off the company to the highest bidder online.
A Register reader has tipped us off to a successful hack that could really hurt local governments.
Google already bans such products from its app store, as does Apple, but it was quite happy to tell people where to buy the covert tracking code if they wanted it.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/13/in_brief_security/
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)