1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Zoom patches worrying security Windows flaw - make sure you're pr

    From TechnologyDaily@1337:1/100 to All on Thursday, August 14, 2025 14:15:08
    Zoom patches worrying security Windows flaw - make sure you're protected, update now

    Date:
    Thu, 14 Aug 2025 13:03:00 +0000

    Description:
    Zoom urges users to apply the patch as soon as possible.

    FULL STORY ======================================================================Zoom warns multiple versions of its Windows client are vulnerable A security flaw can be used to fully take over target endpoints Zoom advises patching immediately, so users should update now

    Zoom has patched a critical severity vulnerability which could have allowed threat actors to escalate their privileges over the network.

    The online collaboration tool found its Windows application doesnt always use explicit full paths when loading dynamic libraries (DLLs). Instead, it relies on Windows default search order, which means if an attacker were to place a malicious DLL into the right location, Zoom may load and execute it. It is similar to the Bring-Your-Own-Vulnerable-Driver type of attack, although not identical.

    So, if the DLL triggers the installation of persistent malware such as backdoors or ransomware, and if Zoom runs with elevated privileges, the
    threat actors could, in theory, take over the entire endpoint. Debian,
    Fedora, and others

    In other scenarios, the vulnerability could be used to harvest sensitive
    files such as meeting recordings, contact lists, credentials, and similar. They could also pivot deeper into the corporate network, reaching domain controllers or high-value systems.

    The worst part about abusing this flaw is that it does not require any authentication, and can be described as low in complexity. All the threat actors need is a path that the target device trusts, and doesnt even require advanced skills - just placing the malicious DLL in a strategic location.

    The vulnerability, affecting the Windows client, is tracked as
    CVE-2025-49457, and carries a severity score of 9.6/10 (critical).

    Zooms prevalence in the business world, especially since the Covid-19 pandemic, means the attack surface is quite large.

    Affected products include Zoom Workplace for Windows before version 6.3.10, Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12), Zoom Rooms for Windows before version 6.3.10, Zoom Rooms Controller for Windows before version 6.3.10, and Zoom Meeting SDK for Windows before version 6.3.10.

    A patch is already available, and users are advised to apply it as soon as possible. You might also like Microsoft Teams and Zoom can be hijacked to
    give hackers the keys to your kingdom Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/zoom-patches-worrying-security-windows- flaw-make-sure-youre-protected-update-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)