Zoom Zero-Day Allows RCE, Patch on the Way

A newly discovered bug in the Zoom Client for Windows could allow remote code execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after developing a proof-of-concept exploit for it. The issue was confirmed for Threatpost by a Zoom spokesperson.

The 0patch team said that the vulnerability is present in any currently supported version of Zoom Client for Windows, and is unpatched and previously unknown — catnip for cybercriminals. However, it’s important to note that the flaw has a couple of big mitigating factors that reduce the concern around it. For one, it’s only exploitable on Windows 7 and older Windows systems, which are end-of-life and no longer supported by Microsoft (though millions of installed users remain in the wild).

Source: ThreatPost