Zoom is facing more security scrutiny after a new flaw was found to open up the service to hackers, putting Windows 7 users at risk.
Researchers at Slovenian cybersecurity firm ACROS Security has revealed a previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system.
The “zero-day” vulnerability applies to Zoom software running on Windows 7, or even older operating systems.
Windows 7 Zoom
ACROS Security noted that anyone able to successfully exploit the vulnerability could access files on the vulnerable computer, and even take over the entire device.
Microsoft has been trying to convince Windows 7 users to upgrade to newer software versions in recent years, but with little success – despite offering free upgrades to Windows 10.
The company revealed it would be ending technical support out for Windows 7 on January 15 2020, meaning it would no longer offer patches and security updates for Windows 7.
That means that any bugs or problems still found in the software will never get fixed. Likewise, any security vulnerabilities could also remain in Windows 7, as Microsoft is unlikely to patch those unless they are very severe – more on that in a moment.
Many large organisations, including the NHS, still use Windows 7 on many devices, with Microsoft allowing customers to pay extra to receive specilaised support.
“Zoom takes all reports of potential security vulnerabilities seriously,” a Zoom spokesperson said in a statement. “This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it.”
The issue is the latest in a litany of security worries for Zoom, which has exploded in popularity in 2020 thanks to the remote working boom caused by the global pandemic.
The sudden and increased demand on the company’s systems was unlike anything most companies have ever experienced, with criminals also attacking Zoom with gusto. Following a number of high-profile issues, company’s CEO Eric S. Yuan promised more transparency and announce a 90-day freeze on all new features not related to privacy, safety or security back in April – however this deadline was missed earlier this month.