Originally reported by a security researcher who wished to remain anonymous, a new Zoom zero-day affecting clients on Windows 7 or earlier has been discovered. The researcher shared their finding with ACROS, a security company who posted a small number of details about the Remote Code Execution (RCE) vulnerability. The researcher who found the zero-day did not report it to Zoom directly but gave permission of ACROS to report it to Zoom, which they did. Zoom confirmed the vulnerability and said that they were currently working on a patch for it. The issue is only exploitable on Windows 7 and older versions of Windows. According to the ACROS CEO, “the vulnerability allows a remote attacker to execute arbitrary code on victim’s computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file.” No technical details were released publicly about the zero-day, which will hopefully prevent threat actors from exploiting the vulnerability until a patch is released.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.