A little more than a week after its self-imposed feature freeze ended, Zoom is working on a patch for a zero-day remote code execution vulnerability in Zoom Client for Windows that could affect versions of Microsoft Windows 7 and earlier.

In the meantime, researchers at ACROS Security developed and released a micropatch that “removes the vulnerability in four different places in the code” and was “ported from the latest version of Zoom Client for Windows (5.1.2) to previous five versions back to 5.0.3 released on May 17, 2020,” according to a 0patch blog post.

Noting that “Zoom Client features a fairly persistent auto-update functionality that is likely to keep home users updated unless they really don't want to be,” the researchers wrote that “enterprise admins often like to keep control of updates and may stay a couple of versions behind, especially if no security bugs were fixed in the latest versions (which is currently the case).”
