Security News > 2020 > July > Better get Grandpa off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older.
An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
The indictment stated that after installing their own remote access software, which also monitored the network's security software to protect itself, the crew then auctioned off the company to the highest bidder online.
A Register reader has tipped us off to a successful hack that could really hurt local governments.
Google already bans such products from its app store, as does Apple, but it was quite happy to tell people where to buy the covert tracking code if they wanted it.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/13/in_brief_security_zoom/
Related news
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ (source)