Zoom Patches Legacy Windows Zero-Day Bug

Zoom has fixed a zero-day vulnerability announced last week which affects legacy Windows customers.

The popular video conferencing platform worked quickly to patch the bug, which was announced by Acros Security in a blog post at the same time as the firm itself was informed.

“Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10,” noted a brief statement sent to Infosecurity.

“Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”

There were no details provided of the software flaw at the time, but it’s believed to have required some kind of user interaction to exploit, possibly via a phishing email. It was characterized as enabling arbitrary remote code execution.

While Windows 7 is technically no longer officially supported by Microsoft, there are still plenty of organizations out there with Extended Security Updates or who use virtual patching to maintain legacy installations.

Zoom released a further update on Sunday designed to deliver “minor bug fixes,” as well as AES-256 bit encryption for Zoom phone devices, call monitoring capabilities, customized speed dial and more.

Back in April, Zoom became a victim of its own success after several serious vulnerabilities were found in its platform by researchers, after the product’s daily meeting participants had soared from 10 million in December to roughly 200 mi ..

Support the originator by clicking the read the rest link below.