WHAT’S AT RISK
Windows system’s login credentials
WHAT IS IT
Zoom users on Windows are susceptible to an attack where their login credentials for Windows systems are stolen. This is due to the Zoom client for Windows being vulnerable to the ‘UNC path injection’ vulnerability.
WHY IS IT OCCURING
“The attack involves the SMBRelay technique wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.” -Hacker News
It’s worth noting that passwords aren’t directly given to attackers, but weak ones can be captured easily.
WHAT IS THE IMPACT
Due to COVID-19, people all over the world have turned to Zoom to video conference while being apart. With more and more people using the service, this means more users are at risk.
HAVOC SHIELD’S SOLUTION
Simply put: Change your passwords frequently, and especially now, given your likely increased use on personal devices. Use sites like Password Generator to create complex passwords. Soon, Havoc Shield will deploy a module aimed to improve your Windows security.