Zoom Security Flaw in Windows Could Leak Data

         

engine

4:11 pm on Apr 1, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Once again, the popular video app, Zoom, has been highlighted for a Windows security flaw which could leak user data. A security researcher says he's found that attackers can use the group chat feature of Zoom's Windows client to share links that leak the Windows network credentials of anyone who clicks on them.


When someone clicks on the UNC path link, Windows attempts to connect to the remote site using the SMB network file-sharing protocol. And by default, Windows then sends the user's login name and NT LAN Manager (NTLM) credential hash.


[zdnet.com...]

Earlier stories
Zoom Sued For Allegedly Sending Data To Facebook [webmasterworld.com]
Zoom's iOS App Comes Under Fire For Sending Data to Facebook [webmasterworld.com]
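
The mechanism described in the post above, as an added example that is not part of the thread and is not Zoom's code: a Python filter that a chat pipeline could run to find UNC-style paths in message text and replace them before they are rendered as clickable links. The function names and sample hosts are assumptions, and the pattern covers common spellings of a remote path rather than every form Windows accepts.

```python
import re

# Candidate starts: \\host\..., //host/..., file://host/..., file:////host/...
# The lookbehind skips "//" inside ordinary URLs such as https://site/path.
_CANDIDATE = re.compile(
    r'(?<![\w:\\/])(?:file:(?://|/{4,5})|[\\/]{2})([^\s"<>|\\/][^\s"<>|]*)',
    re.IGNORECASE)
_LOCAL = {"?", "localhost"}  # local long-path prefix and loopback name


def _remote_host(rest):
    """Return the server a path would contact, or None if it stays local."""
    parts = [p for p in re.split(r"[\\/]+", rest) if p]
    # Long-path form \\?\UNC\host\share names the server after "UNC".
    if len(parts) >= 3 and parts[0] in (".", "?") and parts[1].upper() == "UNC":
        parts = parts[2:]
    host = parts[0].rstrip(".,;:!)").lower()  # "." (device path) becomes ""
    return host if host and host not in _LOCAL else None


def find_remote_paths(message):
    """List (matched_text, host) for each path that points at a remote server."""
    hits = []
    for m in _CANDIDATE.finditer(message):
        host = _remote_host(m.group(1))
        if host:
            hits.append((m.group(0), host))
    return hits


def neutralize(message):
    """Replace remote paths with inert text so a client cannot linkify them."""
    def _swap(m):
        host = _remote_host(m.group(1))
        return f"[remote path to {host} removed]" if host else m.group(0)
    return _CANDIDATE.sub(_swap, message)


if __name__ == "__main__":
    # Constructed chat messages; the hosts are reserved example names.
    for msg in (r"agenda: \\files.example.net\share\agenda.docx",
                r"long form \\?\UNC\fs01.example.org\pub\a.txt",
                "safe: https://example.com/a and file:///C:/tmp/x.txt"):
        print(find_remote_paths(msg), "->", neutralize(msg))
```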

lammert

4:20 pm on Apr 1, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



With news pouring in of Zoom vulnerabilities and privacy misbehavior [webmasterworld.com], UK citizens should be delighted that the UK Government, now with Boris Johnson in quarantine with COVID-19, is using Zoom for their on-line Cabinet meetings, as a screenshot on Johnson's Twitter account revealed :)

engine

10:14 am on Apr 2, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Another researcher has highlighted more vulnerabilities.

The two bugs, Wardle said, can be launched by a local attacker — that’s where someone has physical control of a vulnerable computer. Once exploited, the attacker can gain and maintain persistent access to the innards of a victim’s computer, allowing them to install malware or spyware.


[techcrunch.com...]

I don't think this is a vendetta against Zoom, but just highlighting vulnerabilities of the technology.

lammert

7:57 am on Apr 3, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Zoom now recognizes they have a problem, in a blog post by their Founder and CEO Eric S. Yuan [blog.zoom.us], and has initiated a feature freeze and a focus on fixing issues.
Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust. This includes:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.

engine

10:53 am on Apr 3, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It appears there's now a fix which is being pushed out to users.

[pcworld.com...]