Zoom has patched a fatal flaw in the Zoom Windows client that let attackers use its chat feature to share malicious links which, once clicked, leak the victim's Windows network credentials.
Such attacks are possible because Zoom for Windows converts not only ordinary URLs but also Windows networking Universal Naming Convention (UNC) paths into clickable links.
A UNC path locates a network resource, such as a file hosted on an attacker-controlled SMB (Server Message Block) server. When someone clicks a UNC path link, Windows automatically sends the user's username and NTLM password hash to the remote SMB server in order to connect and retrieve the file hosted on it. Although the Windows password itself is not sent in clear text, a weak password can easily be recovered from that hash with third-party tools.
Google security researcher Tavis Ormandy confirmed that this flaw can also be leveraged to launch any program already present on the targeted computer or to execute arbitrary commands.
As organizations turn to web conferencing tools for remote work in response to the pandemic, Zoom is an opportune target for attackers, so this vulnerability must be fixed immediately.
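The root cause above is a chat client that auto-links UNC paths alongside ordinary URLs. The following is an added illustration, not Zoom's code: a flawed linkifier that treats `\\host\share\...` as a link, the hardened variant that only linkifies http(s) URLs, and a small detector that flags UNC paths in chat text (useful for scanning exported chat logs). The sample messages are constructed and the hostnames are placeholders.

```python
import re
from typing import List, Tuple

# Constructed sample chat lines: one ordinary URL and two UNC paths of the
# \\server\share\file form the advisory describes (hosts are placeholders).
SAMPLE_MESSAGES = [
    "Slides are at https://example.com/deck.pdf",
    r"Meeting notes: \\fileserver.example.invalid\share\notes.docx",
    r"see \\10.0.0.5\public\agenda.txt before the call",
]

# http(s) URLs: the only thing a chat client should turn into a link.
URL_RE = re.compile(r"(https?://[^\s<>\"']+)", re.IGNORECASE)
# A UNC path: two backslashes, a host name, a backslash, then share/path.
UNC_RE = re.compile(r"(\\\\[A-Za-z0-9._-]+\\[^\s<>\"']+)")

LINK_TEMPLATE = r'<a href="\1">\1</a>'


def linkify_vulnerable(message: str) -> str:
    """Reproduces the flawed behaviour: URLs *and* UNC paths become links,
    so a click can trigger an outbound SMB connection and NTLM exchange."""
    out = URL_RE.sub(LINK_TEMPLATE, message)
    return UNC_RE.sub(LINK_TEMPLATE, out)


def linkify_hardened(message: str) -> str:
    """Only http(s) URLs are linkified; a UNC path stays inert text."""
    return URL_RE.sub(LINK_TEMPLATE, message)


def find_unc_paths(message: str) -> List[str]:
    """Detection helper: returns every UNC path found in one message."""
    return UNC_RE.findall(message)


def scan_messages(messages: List[str]) -> List[Tuple[int, str]]:
    """Scans a batch of chat messages; returns (message index, UNC path)
    pairs so an analyst can see which messages carried UNC links."""
    hits: List[Tuple[int, str]] = []
    for i, msg in enumerate(messages):
        for path in find_unc_paths(msg):
            hits.append((i, path))
    return hits


if __name__ == "__main__":
    for idx, path in scan_messages(SAMPLE_MESSAGES):
        print(f"message {idx}: UNC path {path}")
        print("  vulnerable render:", linkify_vulnerable(SAMPLE_MESSAGES[idx]))
        print("  hardened render:  ", linkify_hardened(SAMPLE_MESSAGES[idx]))
```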
Resolution:
The issue is fixed in Zoom Windows client version 4.6.9 (19253.0401). To upgrade to the latest version of Zoom, deploy the following patch:
Patch ID: 313632
Bulletin ID: TU-117
Patch Description: Zoom (4.6.19253.0401)