Zoom patches Windows vulnerability that let attackers steal your Windows login from dodgy chat links

by Xeni Jardin

The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user's Windows login credentials from malicious chat links.

Hi @zoom_us & @NCSC - here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. The screenshot below shows an example UNC path link and the credentials being exposed (redacted). pic.twitter.com/gjWXas7TMO

- Hacker Fantastic (@hackerfantastic) March 31, 2020

I made a simple demo of the latest Zoom UNC path injection vulnerability. Take care and don't click on ANY UNC path hyperlinks!

P.S. I used putty as a payload.exe which could be ANY_THING_ELSE.exe

PoC: https://t.co/fatA6R7Kuq

- Mohamed A. Baset (@SymbianSyMoh) April 1, 2020

"Zoom issued a fix for this and other bugs, promising better transparency going forward," reports Mark Hachman at PCWorld:

An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.

A hacker could use an attack called a UNC path injection to expose credentials, according to an attack posted on Twitter and subsequently followed up with an additional video. According to The Hacker News, that's because Windows exposes a user's login name and password to a remote server when attempting to connect to it and download a file.

----

Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post. Part of the blog post detailed a bug fix to be released, which would fix the UNC vulnerability described in our original story, among other things. The fix appears to be pushing out automatically to users. PCWorld staff who've already received the fix report the version number as 4.6.9 (19253.0401).

READ MORE at pcworld.com:

Update: Zoom issues fix for UNC vulnerability that lets hackers steal Windows credentials via chat
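The client-side check Zoom's fix amounts to, as an added example that is not part of this post, PCWorld's article or Zoom's code: a Python classifier that spots UNC paths and remote file:// URIs in chat text so a renderer can refuse to turn them into clickable links. The messages and host names are constructed placeholders.

```python
import re

# Constructed sample chat messages; the hosts are placeholders, not real servers.
SAMPLE_MESSAGES = [
    r"notes here: \\files.example.invalid\share\notes.docx",
    "agenda: https://example.invalid/agenda",
    "see file://host.example.invalid/share/payload.exe",
    r"local path C:\Users\me\notes.txt is fine",
    r"\\?\UNC\srv.example.invalid\c$\tool.exe",
]

# \\host\share\... or \\?\UNC\host\share\...; host and share may not contain
# whitespace or the characters Windows forbids in names.
UNC_RE = re.compile(
    r"(?<![\w\\])\\\\(?:\?\\UNC\\)?"
    r"(?P<host>[^\\/\s:*?\"<>|]+)\\(?P<share>[^\\/\s:*?\"<>|]+)(?:\\\S*)?"
)
# file://host/share/...; Windows resolves a non-empty host over SMB as well.
FILE_URI_RE = re.compile(
    r"file://(?P<host>[^/\s]+)/(?P<share>[^/\s]+)(?:/\S*)?", re.IGNORECASE
)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def find_remote_paths(text):
    """Return (raw_link, host) for each link that would make Windows open an
    SMB connection (and offer the user's NTLM credentials) if clicked."""
    hits = [(m.group(0), m.group("host").lower()) for m in UNC_RE.finditer(text)]
    for m in FILE_URI_RE.finditer(text):
        host = m.group("host").lower()
        if host not in LOCAL_HOSTS:
            hits.append((m.group(0), host))
    return hits


def should_linkify(token):
    """Policy for a chat renderer: only http(s) URLs become clickable; UNC paths
    and remote file:// URIs are displayed as plain text."""
    if find_remote_paths(token):
        return False
    return bool(re.fullmatch(r"https?://[^\s/]+\S*", token, re.IGNORECASE))


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg, "->", find_remote_paths(msg) or "no remote path")
```

The same host list can feed alerting or an egress block; the check complements, rather than replaces, restricting outbound SMB and NTLM from workstations to the internet.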

We appreciate the scrutiny and questions we have been getting - about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better [Blog Post] https://t.co/tDcWxRIF2V by @ericsyuan

- Zoom (@zoom_us) April 2, 2020

Well, if every societal institution had performed as well as Zoom's infrastructure team, we'd be OK. https://t.co/CKo4h6LZ5k

- Antonio Garcia Martinez (@antoniogm) April 3, 2020

I have more years of experience in engineering than I like to mention.

But this does not compute for me.
Keeping the infrastructure in check for a 20x on that scale is insanely impressive.

Hats off to the Zoom eng + infrastructure team. https://t.co/a9qFm3EOeC

- Andreas Klinger (@andreasklinger) April 3, 2020

Report: #Hackers can steal Windows credentials via links in Zoom chat | PCWorld https://t.co/I6UYJjvVdB via @pcworld

- Remi Afon (@RemiAfon) April 1, 2020

Attention Zoom users! A vulnerability has been identified that could allow an attacker to gain control of a system or collect your Windows credentials.

CCS strongly recommends updating your Zoom client immediately. @uofg @GuelphHumberUni

More info: https://t.co/l4guZwNojz pic.twitter.com/LPqbujxTM1

- U of G IT (@uofgccs) April 2, 2020

[via techmeme]
