A new vulnerability has been found in the Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim’s device running Windows 7 or older.
An attacker can trick a victim into opening a malicious file. Since no security warning is shown at the time the attack executes, an attacker can easily exploit the vulnerability.
The flaw is present on all platforms, but it is exploitable only on Windows 7 or older versions due to some system configuration.
“This vulnerability is only exploitable on Windows 7 and earlier Windows versions. It is likely also exploitable on Windows Server 2008 R2 and earlier though we didn’t test that,” Mitja Kolsek, 0patch co-founder, said in a blog post.
A security researcher, who wishes to remain anonymous, found the flaw and reported it to Acros Security, after which the Acros team reported it to the Zoom security team.
Microsoft ended official updates for Windows 7 in January and encouraged users to move to a secure version, but Windows 7 is still used by many users worldwide.
Are Zoom users at Risk?
The Zoom security team has released an official patch for the vulnerability.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
In the past four months, since the pandemic started, there has been a boom in the use of video conferencing apps, and Zoom has gained more popularity.
But in past years, following Zoom's rise in popularity, many serious security vulnerabilities have been reported, raising security and privacy concerns among users.