A previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system, security researchers said Thursday. A hacker who successfully exploits the vulnerability could access files on the vulnerable computer, said Mitja Kolsek, chief executive of ACROS Security, the Slovenian cybersecurity firm that highlighted the issue. “If the user is a local administrator, the attacker could completely take over the computer,” Kolsek told CyberScoop. The “zero-day” vulnerability applies to Zoom software running on Windows 7, or even older operating systems. More information: https://www.
Although Microsoft Windows 10 makes up the majority of existing Windows operating systems, there is still a substantial number of Windows 7 systems in use. What is most concerning is that many using these older systems are, in fact, governmental and public sector infrastructures. The good news is that Zoom has acknowledged this vulnerability as critical and are already working on a way to remediate it. However, the question now is, what will impacted users do to avoid the risk of exposure? Since the discovery of this vulnerability, Zoom has not yet had the time to repair it. As such, users are advised to be careful. As Zoom is easy to re-install, users would do well to remove Zoom from affected machines, and then reinstall it once the threat has been removed.
Windows 7 is no longer supported by Microsoft and users don’t receive any security updates. I’m therefore not at all surprised that they are vulnerable to a new, zero-day attack. However expensive it is to upgrade to supported software it’s still got to be better than leaving yourself, your devices, or even your organisation open to anyone who wants to download a bit of malware and take a pop at you.
Take the hit and protect yourself. It’s the only solution.