A vulnerability has been discovered in the Zoom client for Windows which leaves users exposed to remote attackers.
This remote code execution vulnerability only affects users who are running Windows 7 or an older Windows operating system, said security company 0patch.
“While Microsoft’s official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life with Microsoft’s Extended Security Updates or with 0patch,” noted the security company.
0patch said that the vulnerability allows a remote attacker to execute malicious code on the victim’s computer by getting the user to perform common actions such as opening a document file.
“No security warning is shown to the user in the course of attack,” 0patch added.
According to 0patch, the users who have signed up to Windows 7 Extended Security Updates are also affected.
The security company said it has created a micropatch that deals with the vulnerability.
However, installing this micropatch is no longer necessary, as Zoom has since patched the bug in version 5.1.3 of its Windows client.
This means that users who have updated to the latest version of Zoom are protected from this security flaw.
Windows 7 support is over
Support for Windows 7 officially ended on 14 January, which means that Microsoft has stopped providing security support for this operating system.
“While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware,” said Microsoft.
“Going forward, the best way for you to stay secure is on Windows 10.”
News of Windows 7 losing support saw the operating system’s market share decrease rapidly from 35.38% in June 2019 to 25.56% in January 2020.
Since January, however, the trend has flattened considerably, dropping from 25.56% in January 2020 to 23.35% as of June 2020.