
Zoom working on patching zero-day disclosed in Windows client

July 10, 2020
in Internet Security

Image: Zoom, ZDNet

Video conferencing software Zoom is working on patching a zero-day vulnerability that was disclosed online earlier today in a blog post by cyber-security firm ACROS Security.

The security firm said the zero-day impacts Zoom’s Windows client, but only when the clients are running on old Windows OS versions, such as Windows 7 and Windows Server 2008 R2 and earlier.

Zoom clients running on Windows 8 or Windows 10 are not affected, according to ACROS Security CEO Mitja Kolsek.

“The vulnerability allows a remote attacker to execute arbitrary code on victim’s computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file,” Kolsek said.

“No security warning is shown to the user in the course of attack,” he added.

Kolsek said ACROS did not discover the vulnerability by itself, but instead received it from a security researcher who wanted to keep their identity secret.

ACROS reported the zero-day to Zoom earlier today and released an update to its 0patch client to prevent attacks for its own customers until Zoom releases an official fix. A demo of the zero-day being exploited, and then blocked by the 0patch client, is available below.

ACROS didn’t publish any kind of technical details about the zero-day, but in a canned statement ZDNet received today from a Zoom spokesperson, the company confirmed the vulnerability and the report’s accuracy.

“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it.”

A Zoom spokesperson could not commit to a timeline of when the fix would be available due to the unpredictability of developing a comprehensive fix; however, a patch is currently in the works.

Zero-day disclosed days after “feature freeze” ended

After the discovery and disclosure of several security issues with Zoom’s service, on April 1, the company paused development on all new features to focus solely on security and privacy-related improvements and bug fixes.

This period of feature freeze during which the company focused on improving the app’s security ended on July 1, last week.

Days before, on June 24, Zoom also hired a new Chief Information Security Officer (CISO) in Jason Lee, who previously served as Salesforce’s Senior Vice President of Security Operations.

During its feature freeze period, Zoom also hired Luta Security to help the company set up a professional bug bounty program. Zoom and Luta Security ended their collaboration on the day of Lee’s hiring.

Credit: ZDNet
