[NJTechDiv] attackers can use Zoom to attack you without warning

Mario Brusco mrb620 at hotmail.com
Sat Apr 4 15:49:27 UTC 2020


Attackers Can Use Zoom to Steal Users' Windows Credentials with No Warning
(https://arstechnica.com/information-technology/2020/04/unpatched-zoom-bug-lets-attackers-steal-windows-credentials-with-no-warning/)

DAN GOODIN, 4/1/2020, 12:38 PM.
(Dan is the Security Editor at Ars Technica, which he joined in 2012 
after working for The Register, the Associated Press, Bloomberg News, 
and other publications.)

Users of Zoom for Windows beware: the widely used software has a 
vulnerability that allows attackers to steal your operating system 
credentials, researchers said.

Discovery of the currently unpatched vulnerability comes as Zoom usage 
has soared in the wake of the coronavirus pandemic. With massive numbers 
of people working from home, they rely on Zoom to connect with 
co-workers, customers, and partners. Many of these home users are 
connecting to sensitive work networks through temporary or improvised 
means that don’t have the benefit of enterprise-grade firewalls found 
on-premises.

Protect yourself.

While the attack works only against Windows users, Hickey said attacks 
can be launched using any form of Zoom, again, by sending targets a UNC 
location in a text message. When Windows users click on the link while 
they’re connected to certain unsecured machines or networks, the Zoom 
app will send the credentials over port 445, which is used to transmit 
traffic related to Windows SMB and Active Directory services.

In the event that port 445 is closed to the Internet, either by a device 
or network firewall or through an ISP that blocks it, the attack won’t 
work. But it’s hardly a given that this egress will be closed on many 
Zoom users’ networks. The events of the past month have left millions of 
people working from home without the same levels of IT and security 
support they get when working on premises. That makes it more likely 
that port 445 is open, either because of an oversight or because the 
port is needed to connect to enterprise resources.

Zoom's statement didn't indicate when a fix will be in place. Until 
then, Windows users should be extra suspicious of chat messages that 
contain links. When possible, users should also ensure that port 445 is 
either blocked or can access only trusted addresses on the Internet.

Update: 4/2/2020 9:47 California time. On late Wednesday, Zoom officials 
said that the UNC bug and a separate pair of bugs disclosed by 
researcher Patrick Wardle had been fixed. The video conferencing company 
also said it was enacting a feature freeze for the next 90 days so it 
could focus on securing the features that are already in place.

Some of the article has been left out for those who are not technically 
inclined to understand (or care about) the technical jargon. Those who 
are interested can read more about it at the URL above. The conclusion 
is to make sure the Zoom client is up to date to the latest version.
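
An added example, not part of the original post or the Ars Technica article: a chat-message filter that finds UNC paths (\\host\share) and flags those whose host lies outside the organisation, the case in which a click would send SMB traffic out over port 445. The trusted DNS suffix, the internal address ranges, the function names and the sample messages are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions (not from the article): the organisation's file servers live
# under this DNS suffix, and these ranges are its internal address space.
TRUSTED_SUFFIXES = (".corp.example.com",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# \\host\share followed by optional \path components.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\\\s]+(?:\\[^\\\s]+)*")


def classify_host(host):
    """Return 'trusted', 'internal' or 'external' for a UNC host name."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        if name.endswith(TRUSTED_SUFFIXES):
            return "trusted"
        # Assumption: single-label (NetBIOS-style) names are treated as local.
        return "external" if "." in name else "internal"
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "external"


def scan_message(text):
    """Return (unc_path, host, verdict) for every UNC path in a chat message."""
    return [(m.group(0), m.group(1), classify_host(m.group(1)))
            for m in UNC_RE.finditer(text)]


def should_warn(text):
    """True when a message has a UNC path whose host is outside the organisation."""
    return any(verdict == "external" for _, _, verdict in scan_message(text))


# Constructed sample chat messages, for illustration only.
SAMPLES = [
    r"Slides are at \\fs01.corp.example.com\team\q2.pptx",
    r"grab the notes here: \\203.0.113.7\share\notes.txt",
    r"printer driver: \\PRINTSRV\drivers",
    "Meeting moved to 3pm, see https://example.com/agenda",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print("WARN" if should_warn(msg) else "ok  ", msg)
```

A filter like this complements, and does not replace, blocking outbound port 445 and keeping the Zoom client up to date.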



