Background on the Zoom zero-day exploit

Jordan Hammond | April 6, 2020

Do you like credentials? I know I do, but I tend to like them when they are mine and mine alone. Recently a zero-day was found in Zoom that means I may not be able to keep my credentials to myself, and that makes me sad.

What is at Risk

In chat, Zoom converts a UNC path into a clickable link. If some ne’er-do-well sends a UNC path that points to an external site and you click it, your machine will attempt to connect to the remote site, sending your credentials in the attempt. What gets sent is the password hash, but there are many free tools that can crack those in no time. Adding to the problem, the same exploit can be used to launch an application on your machine.
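An added example (not from the original post, Zoom or PDQ): a filter that finds UNC paths in chat text and neutralises the ones pointing outside the network, the link pattern described above. The regex, the `INTERNAL_SUFFIXES` list and the sample message are assumptions made for illustration.

```python
import ipaddress
import re

# \\host\share[\more...]; host is a name, FQDN or IPv4 literal (assumed pattern)
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\([^\s\\]+(?:\\[^\s\\]+)*)")

# Hypothetical: DNS suffixes this organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example",)

# Constructed sample chat message: one external path, one internal path.
SAMPLE = r"Agenda: \\files.outside.example\share\notes.txt and \\fileserver\public\plan.docx"


def is_external(host: str) -> bool:
    """True when the UNC host lies outside the local network."""
    try:
        # Only globally routable addresses count as external.
        return ipaddress.ip_address(host).is_global
    except ValueError:
        pass  # not an IP literal, classify by name below
    host = host.lower().rstrip(".")
    if "." not in host:
        return False  # single-label name: treated as internal here
    return not host.endswith(INTERNAL_SUFFIXES)


def find_unc_paths(message: str):
    """Return (path, host, external?) for every UNC path in a chat message."""
    return [(m.group(0), m.group(1), is_external(m.group(1)))
            for m in UNC_RE.finditer(message)]


def defang(message: str) -> str:
    """Replace external UNC paths so a chat client will not render them as links."""
    def repl(m):
        if not is_external(m.group(1)):
            return m.group(0)  # internal shares are left untouched
        return "[blocked UNC path to " + m.group(1).replace(".", "[.]") + "]"
    return UNC_RE.sub(repl, message)


if __name__ == "__main__":
    for path, host, external in find_unc_paths(SAMPLE):
        print("EXTERNAL" if external else "internal", host, path)
    print(defang(SAMPLE))
```
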

The Good News?

As you would expect, workarounds to mitigate this issue appeared instantly, some great and some that went a bit too far. However, Zoom has patched the issue, so you can skip those steps and just install the latest version of the product. You could spend a lot of time tracking down machines that need the update and forcing it through, but I might recommend using PDQ Inventory to tell you which machines have the software, and PDQ Deploy to quickly update it so this security hole is closed.

Conclusion

Zero-day exploits are never fun. The ideal scenario is that they never pop up in our environment, but chances are very good that one will at some point. Luckily, the steps we take in response usually follow the same track. With the right setup you can get your environment as safe as possible rather quickly. I am off to click some links that just popped up on my screen.

Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that was something he should talk about on the internet.
