Zoom users with older systems have been urged to download a security patch that could save their devices from being attacked by hackers.
The patch was released after last week’s disclosure of a major security vulnerability affecting potentially millions of devices.
The “zero-day” vulnerability applied to Zoom software running on Windows 7, or even older operating systems.
Researchers at Slovenian cybersecurity firm ACROS Security had revealed a previously unknown flaw in the popular videoconferencing software last week that could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system.
Following this, an anonymous researcher contacted the team at security advice site 0patch rather than reporting it directly to Zoom. The 0patch then issued a “micropatch” free of charge until Zoom could release their own.
“According to our guidelines, we’re providing these micropatches to everyone for free until Zoom has fixed the issue or made a decision not to fix it,” 0patch explained in a blog post.
“To minimize the risk of exploitation on systems without 0patch, we’re not publishing details on this vulnerability until Zoom has fixed the issue, or made a decision not to fix it, or until such details have become public knowledge in any way,”
Zoom Windows 7
Following this, Zoom also announced an updated Windows software version on July 10, a download which included a patch which the company says, “fixes a security issue affecting users running Windows 7 and older.”
ACROS Security had noted that anyone able to successfully exploit the vulnerability could access files on the vulnerable computer, and even take over the entire device.
Microsoft has been trying to convince Windows 7 users to upgrade to newer software versions in recent years, but with little success – despite offering free upgrades to Windows 10.
The company revealed it would be ending technical support out for Windows 7 on January 15 2020, meaning it would no longer offer patches and security updates for Windows 7.
That means that any bugs or problems still found in the software will never get fixed. Likewise, any security vulnerabilities could also remain in Windows 7, as Microsoft is unlikely to patch those unless they are very severe – more on that in a moment.
Many large organisations, including the NHS, still use Windows 7 on many devices, with Microsoft allowing customers to pay extra to receive specilaised support.
“Zoom takes all reports of potential security vulnerabilities seriously,” a Zoom spokesperson said in a statement. “This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it.”
The issue is the latest in a litany of security worries for Zoom, which has exploded in popularity in 2020 thanks to the remote working boom caused by the global pandemic.
The sudden and increased demand on the company’s systems was unlike anything most companies have ever experienced, with criminals also attacking Zoom with gusto. Following a number of high-profile issues, company’s CEO Eric S. Yuan promised more transparency and announce a 90-day freeze on all new features not related to privacy, safety or security back in April – however this deadline was missed earlier this month.