A vulnerability has surfaced on Windows 7, an operating system Microsoft no longer supports. The flaw, which affected the Zoom client on that operating system, was later closed with both official and third-party patches.
A vulnerability that allows remote code execution (RCE) has been discovered in the Zoom client for Windows. It was found on the Windows 7 operating system, which Microsoft has stopped supporting.
Security company 0patch, which had released a micropatch for the vulnerability before it was fixed, said an attacker could exploit the flaw remotely by convincing the user to perform a simple action such as opening a file.
Update: Zoom has released a security update to fix the issue:
Zoom addressed the problem, which affects users running Windows 7 or earlier, in client version 5.1.3, released on July 10, 2020. To avoid problems, we recommend that you install the latest Zoom software from the official website.
Zoom vulnerability in Windows 7
Once the malicious document is loaded, the attacker can launch the RCE attack, and no warning appears on the victim’s screen. Although the vulnerability is present in the Zoom client on all Windows versions, only computers running Windows 7 are exposed to this attack.
“The vulnerability can be exploited in Windows 7 and earlier versions, even if we haven’t tested it yet. Windows Server 2008 R2 and earlier versions will use it, no matter where you use the Zoom client,” 0patch said.
Zoom also released a patch for this flaw in version 5.1.3 for Windows. Those who installed the micropatch previously published by 0patch do not need to do anything when installing the official Zoom patch; the micropatch is disabled automatically. This incident shows once again the importance of using an operating system that is still supported.
More current operating systems, such as Windows 10, continue to protect their users from discovered vulnerabilities. Although special security updates are released for Windows 7, they are available for a fee.