Security Expert On Zoom Zero-day Vulnerability

Video conferencing software Zoom is working on patching a zero-day vulnerability that was disclosed online earlier today in a blog post by cyber-security firm ACROS Security. The security firm said the zero-day impacts Zoom’s Windows client, but only when the clients are running on old Windows OS versions, such as Windows 7 and Windows Server 2008 R2 and earlier.

Timothy Chiu, Vice President of Marketing
InfoSec Expert
July 10, 2020 9:59 am

This latest vulnerability is a good reminder that vulnerabilities can have dependencies on other applications and operating systems. It’s best security practice to make sure all the components, including the OS on a system, are up to date — it’s not enough to have just the application up to date.

What makes this case worse is that the OS (Windows 7) involved in this latest vulnerability is one that’s no longer supported by Microsoft. Unsupported code has the added problem that it’s unlikely a fix will be forthcoming. In this case, Zoom may be able to fix their code, but it’s not likely any help will come from Microsoft.

Last edited 2 years ago by Timothy Chiu
Information Security Buzz