WHAT’S AT RISK 

Windows system’s login credentials

WHAT IS IT

Zoom users on Windows are susceptible to an attack where their login credentials for Windows systems are stolen. This is due to the Zoom client for Windows being vulnerable to the ‘UNC path injection’ vulnerability. 

ADDITIONAL READING

The Hacker News

WHY IS IT OCCURING

“The attack involves the SMBRelay technique wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.” -Hacker News

It’s worth noting that passwords aren’t directly given to attackers, but weak ones can be captured easily. 

WHAT IS THE IMPACT

Due to COVID-19, people all over the world have turned to Zoom to video conference while being apart. With more and more people using the service, this means more users are at risk. 

HAVOC SHIELD’S SOLUTION

Simply put: Change your passwords frequently, and especially now, given your likely increased use on personal devices. Use sites like Password Generator to create complex passwords. Soon, Havoc Shield will deploy a module aimed to improve your Windows security.