Security News > 2020 > July > Better get Grandpa off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older.
An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
The indictment stated that after installing their own remote access software, which also monitored the network's security software to protect itself, the crew then auctioned off the company to the highest bidder online.
A Register reader has tipped us off to a successful hack that could really hurt local governments.
Google already bans such products from its app store, as does Apple, but it was quite happy to tell people where to buy the covert tracking code if they wanted it.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/13/in_brief_security_zoom/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)