Wednesday, October 9, 2024

Critical Zoom Vulnerability Allows Hackers to Steal your Windows Password & Escalate Privileges with macOS


A vulnerability in the Zoom client for Windows lets an attacker capture a user's Windows login name and NTLM password hash simply by getting them to click a link in a chat message.

Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.

Zoom usage is at a high right now, as most organizations have closed their offices and employees have been told to work from home.


Zoom Vulnerability

The Zoom client for Windows converts URLs sent in chat into clickable hyperlinks, and clicking one opens it in the default browser. The problem lies in what Zoom is willing to treat as a URL.

A security researcher who goes by the Twitter handle Mitch (@_g0dmode) discovered that the Zoom client also converts Windows Universal Naming Convention (UNC) paths, the \\server\share syntax Windows uses for network shares, into clickable links.

If a user clicks a UNC link, Windows tries to open the path as an SMB network share and authenticates to the remote host with NTLM, sending the user's login name together with an NTLM challenge-response computed from their password hash. An attacker who controls that host captures the exchange and can then try to recover the password offline with cracking tools such as John the Ripper or Hashcat. Precomputed rainbow tables are of little use against NTLMv2 responses, which are salted with a per-connection challenge, so this is a dictionary or brute-force attack against the captured value.

Security researcher Matthew Hickey (@HackerFantastic) verified the attack method and was able to obtain NTLM password hashes by exploiting the vulnerability.

Hickey also noted that the same UNC path injection could be used to launch an executable hosted on a remote share on the victim's Windows machine, although Windows displays a security warning before running a program from a remote location.
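The following Python example is added here and is not code from the article or from Zoom, whose client code is not public. It models the linkification behaviour described above next to a hardened version that only links http(s) URLs, and adds a small helper that extracts the hosts named by UNC paths so they can be logged or blocked. The chat messages, the attacker.example host and all function names are constructed for this example.

```python
import re
from typing import List
from urllib.parse import urlsplit

# Constructed chat messages for this example (not taken from the article).
SAMPLE_MESSAGES = [
    "agenda is at https://example.com/notes",
    "slides: \\\\attacker.example\\share\\deck.pptx",
    "or try file://attacker.example/share/deck.pptx",
    "no links in this one",
]

# A UNC path: two backslashes, a host name, then zero or more \component parts.
UNC_RE = re.compile(r"\\\\[^\s\\]+(?:\\[^\s\\]*)*")
# Anything that looks like scheme://rest, which is what a naive linkifier keys on.
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")


def naive_links(message: str) -> List[str]:
    """The vulnerable behaviour: URLs *and* UNC paths become clickable.

    Clicking a UNC link makes Windows open an SMB connection to the host in
    the path and authenticate with NTLM, leaking the user's name and NTLM
    challenge-response to whoever runs that host.
    """
    return URL_RE.findall(message) + UNC_RE.findall(message)


def safe_links(message: str) -> List[str]:
    """Hardened linkifier: only http(s) URLs with a host are turned into links.

    UNC paths never match, and file:// URLs (which Windows also resolves over
    SMB) and URLs containing backslashes are left as plain text.
    """
    links: List[str] = []
    for candidate in URL_RE.findall(message):
        parts = urlsplit(candidate)
        if parts.scheme.lower() not in ("http", "https"):
            continue
        if not parts.netloc or "\\" in candidate:
            continue
        links.append(candidate)
    return links


def unc_hosts(message: str) -> List[str]:
    """Hosts named by UNC paths in a message, e.g. for logging or for blocking
    outbound SMB to them at the perimeter."""
    return [m.lstrip("\\").split("\\", 1)[0] for m in UNC_RE.findall(message)]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(f"{msg!r}\n  naive: {naive_links(msg)}\n  safe:  {safe_links(msg)}")
```

The hardened version uses an allow-list of schemes rather than trying to enumerate dangerous ones, which is the only approach that also covers schemes Windows may hand to SMB in the future.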

Separately, former NSA hacker Patrick Wardle disclosed two zero-days in the Zoom client for macOS. Both require a local attacker, that is, someone who already has code running on the machine or physical access to it.

https://twitter.com/objective_see/status/1245350204661891074

The first bug is in how the Zoom installer uses Apple's AuthorizationExecuteWithPrivileges API. That API runs a program with root privileges but does not validate the binary it is asked to execute, and the installer does not check it either.

As a result, a low-privileged local user can tamper with what the installer executes and have their own code run with full root privileges.
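As an added example, not Zoom's code and not Apple's API (AuthorizationExecuteWithPrivileges is a C API on macOS), the Python below shows the kind of validation a privileged launcher has to perform before running a helper: no symlinks, every component owned by the trusted user, nothing group- or world-writable, and a regular executable file at the end. The demo builds a throwaway helper tree under a temporary directory and shows the check accepting the sane layout and rejecting three classic mistakes. It assumes a POSIX system; the function name check_privileged_target, the trusted_root parameter and the file name helper are this example's own. The demo checks ownership against the current user only because it cannot create root-owned files; in real use trusted_uid stays at its default of 0.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def check_privileged_target(path: str, trusted_uid: int = 0,
                            trusted_root: str = "/") -> List[str]:
    """Return the reasons `path` must NOT be executed with elevated privileges.

    An empty list means every check passed. Every component from `path` up to
    (but not including) `trusted_root`, which the caller vouches for, must be
    a real file or directory rather than a symlink, be owned by `trusted_uid`,
    and not be writable by group or others; otherwise an unprivileged user
    could swap the helper for their own code before the privileged launch.
    The final target must additionally be a regular, executable file.
    """
    target = Path(path)
    root = Path(trusted_root)
    if not target.is_absolute() or not root.is_absolute():
        return ["path and trusted_root must be absolute"]
    if root not in target.parents:
        return [f"{target} is not below trusted root {root}"]

    problems: List[str] = []
    # Check the target first, then each parent directory down to the root,
    # so a writable or attacker-owned directory in between is caught too.
    components = [target] + [p for p in target.parents if root in p.parents]
    for component in components:
        try:
            st = os.lstat(component)
        except FileNotFoundError:
            problems.append(f"{component}: does not exist")
            continue
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{component}: is a symlink")
            continue
        if st.st_uid != trusted_uid:
            problems.append(f"{component}: owned by uid {st.st_uid}, not {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{component}: writable by group or others")
        if component == target:
            if not stat.S_ISREG(st.st_mode):
                problems.append(f"{component}: not a regular file")
            elif not st.st_mode & stat.S_IXUSR:
                problems.append(f"{component}: not executable")
        elif not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
    return problems


def demo() -> Dict[str, List[str]]:
    """Constructed demo: build a throwaway helper tree and run the check
    against a sane layout and three common mistakes. Uses the current user
    as trusted_uid because the demo cannot create root-owned files."""
    root = Path(tempfile.mkdtemp())
    me = os.getuid()
    bindir = root / "bin"
    bindir.mkdir()
    bindir.chmod(0o755)
    helper = bindir / "helper"
    helper.write_text("#!/bin/sh\necho running as $(id -u)\n")
    helper.chmod(0o755)
    results: Dict[str, List[str]] = {}
    try:
        results["sane"] = check_privileged_target(str(helper), me, str(root))

        helper.chmod(0o777)  # anyone can overwrite the helper itself
        results["world_writable_helper"] = check_privileged_target(str(helper), me, str(root))
        helper.chmod(0o755)

        bindir.chmod(0o777)  # anyone can replace the helper's directory entry
        results["world_writable_parent"] = check_privileged_target(str(helper), me, str(root))
        bindir.chmod(0o755)

        helper.unlink()      # helper swapped for a symlink to another binary
        helper.symlink_to("/bin/sh")
        results["symlink"] = check_privileged_target(str(helper), me, str(root))
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {'OK' if not problems else problems}")
```

Even with these checks there is a window between checking and executing; a launcher should therefore also keep its helper in a directory only root can write to, so nothing an unprivileged user does can change the outcome of the check afterwards.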

The second bug is in how Zoom handles the webcam and microphone on Macs. Because the Zoom binary was shipped with library validation disabled, an attacker can inject a malicious library into the running Zoom process; the process already holds the user's camera and microphone permissions, so the injected code inherits that access for the same session and can record without triggering a new permission prompt.

The researchers reported the vulnerabilities to Zoom; at the time of writing, no fix had been released. Until a patched client is installed, Windows administrators can limit the credential leak by blocking outbound SMB (TCP port 445) at the network perimeter and by setting the Group Policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to Deny all, and users should not click chat links that begin with \\.

Attackers are also using Zoom's popularity during the coronavirus outbreak to infect computers with malware: a large number of domains containing the name "Zoom" have been registered, and malicious files are being distributed under the Zoom name.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
