Zoom Client for Windows Vulnerability Overview

This threat report covers a recently disclosed vulnerability in the Zoom Client for Windows. Successful exploitation allows a remote attacker to execute arbitrary code on the victim's computer.

Zoom has released an updated Client for Windows that is not susceptible to this vulnerability. See the "What You Can Do" section of this report for update guidance.

Zoom Vulnerability Tactics, Techniques, and Procedures

This remote code execution "zero-day" vulnerability allows a remote attacker to execute arbitrary code on a victim's machine that is running a pre-fix version of Zoom Client for Windows on Windows 7 or earlier. Exploitation requires user interaction: the attacker has to get the victim to perform an ordinary action, such as opening a document file, after which the malicious code starts running in the background. In the analyzed cases, the user received no security warning of any kind during the attack.

This vulnerability is only exploitable on systems running Windows 7 and earlier. Although Microsoft's official support for Windows 7 ended in January 2020, many individuals and businesses continue to run it under Microsoft's Extended Security Updates (ESU) program.

Anyone using the Zoom Client on Windows 7 or earlier is strongly advised to update to the newest version of Zoom Client for Windows. ESU does not help here: a Windows 7 system that is fully patched through Extended Security Updates is still vulnerable as long as it runs a pre-fix version of the Zoom client, because the flaw is in Zoom, not in Windows.

Despite Zoom's persistent auto-update mechanism, many users continue to run older versions. For that reason, additional technical details of this exploit are not being published at this time, to avoid increasing attacks on those who might still be at risk.

Exploitation of this vulnerability could have a critical impact on an organization, since it enables malicious code execution on the system running the Zoom client. A successfully compromised device can then serve as a foothold for infecting additional hosts on the network.

Related Reading: Stop! Using Online Collaboration Tools Until You Read This

What the Zoom Client for Windows Vulnerability Means to You

  • Results in malicious code execution and control of the targeted system.
  • May lead to additional hosts on the network being compromised.
  • May lead to the exfiltration or loss of sensitive data.
  • May provide initial access for a bad actor to laterally move through the network.

What You Can Do About the Client for Windows Vulnerability

It is strongly recommended that any system running the Zoom Client on Windows 7 or earlier apply the newest update released by Zoom to remediate this vulnerability, and that the installed client version be verified afterwards rather than assumed from auto-update.
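The verification step above is easiest to do centrally. The following PowerShell script is an added example (not Avertium's or Zoom's code) that flags a Windows host matching the condition described in this report: a Windows release at or below Windows 7 that still runs a Zoom client older than the fixed release. Its assumptions are labeled in the code: the fixed release is treated as 5.1.3 and must be confirmed against Zoom's release notes; Zoom's per-user install path is taken as %APPDATA%\Zoom\bin\Zoom.exe, with Program Files checked for all-users installs; and anything with a kernel version below 6.2 (Windows 8) is treated as "Windows 7 or earlier", which conservatively pulls in Windows Server 2008 R2 as well.

```powershell
<#
Added example (not Avertium's or Zoom's code): report whether this host is
"Windows 7 or earlier running a pre-fix Zoom client". Run as an administrator
so every user profile on the host can be read.
Assumptions: fixed Zoom release 5.1.3 (confirm against Zoom's release notes);
per-user install at %APPDATA%\Zoom\bin\Zoom.exe; Program Files for MSI installs.
#>
param(
    # Assumed threshold; verify against Zoom's release notes before relying on it.
    [version]$MinimumSafeVersion = '5.1.3'
)

function Get-WindowsScope {
    # Kernel versions: XP/2003 = 5.x, Vista/2008 = 6.0, 7/2008 R2 = 6.1, 8 = 6.2.
    # Anything below 6.2 is in scope for this report (2008 R2 shares the Windows 7
    # kernel and is treated as in scope, conservatively). ESU status is ignored on
    # purpose: the flaw is in the Zoom client, not in Windows.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Caption = $os.Caption
        Version = [version]$os.Version
        InScope = ([version]$os.Version -lt [version]'6.2')
    }
}

function ConvertTo-ZoomVersion([string]$Text) {
    # Zoom's VersionInfo strings carry build tags after the x.y.z triplet;
    # keep only the leading triplet so [version] comparison works.
    if ($Text -match '(\d+)\.(\d+)\.(\d+)') {
        return [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
    }
    return $null
}

function Get-ZoomInstalls {
    # Zoom installs per user by default, so walk every profile's roaming AppData.
    $paths = @()
    $profiles = Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue
    foreach ($dir in $profiles) {
        $paths += Join-Path $dir.FullName 'AppData\Roaming\Zoom\bin\Zoom.exe'
    }
    $paths += Join-Path $env:ProgramFiles 'Zoom\bin\Zoom.exe'
    if (${env:ProgramFiles(x86)}) {
        $paths += Join-Path ${env:ProgramFiles(x86)} 'Zoom\bin\Zoom.exe'
    }

    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $info = (Get-Item -LiteralPath $p).VersionInfo
        $ver  = ConvertTo-ZoomVersion $info.ProductVersion
        if (-not $ver) { $ver = ConvertTo-ZoomVersion $info.FileVersion }
        [pscustomobject]@{ Path = $p; Version = $ver }
    }
}

function Test-ZoomExposure {
    param([version]$Safe = $MinimumSafeVersion)
    $os = Get-WindowsScope
    foreach ($z in @(Get-ZoomInstalls)) {
        # An unparseable version is treated as outdated rather than silently passed.
        $outdated = ($null -eq $z.Version) -or ($z.Version -lt $Safe)
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            OS         = $os.Caption
            OSVersion  = $os.Version
            ZoomPath   = $z.Path
            ZoomVer    = $z.Version
            Vulnerable = ($os.InScope -and $outdated)
        }
    }
}

$results = @(Test-ZoomExposure)
$results | Format-Table -AutoSize
# Non-zero exit code lets an RMM or SCCM job count this host as needing the Zoom update.
if ($results | Where-Object Vulnerable) { exit 1 } else { exit 0 }
```

Run it through whatever remote-execution channel is already in place (PowerShell remoting, an RMM agent, or a software-distribution job) and collect the exit codes; a host with no Zoom installation produces no rows and exits 0. The script deliberately treats a version string it cannot parse as vulnerable, and it does not consult ESU status at all, because the report's point is that a fully patched Windows 7 machine is still exposed until the Zoom client itself is updated.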

Related Reading: Zoom Virtual Meeting Vulnerabilities

Helpful Resources

Zoom (Update resources): https://zoom.us/

IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/vulnerabilities/184837

0patch Blog: https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html

MITRE Mapping: https://attack.mitre.org/techniques/T1203/

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a "top-of-mind" threat and how it ought to be addressed.

This informed analysis is based on the latest data available.

Contact us for more information about Avertium’s managed security service capabilities. 
