By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant
Research into the zero-click attack surface of the popular video conferencing solution Zoom has uncovered two security vulnerabilities that could have been exploited to crash the client or service, execute malicious code, and even leak arbitrary areas of its memory.
Zoom has addressed both weaknesses in its updates. Leaving even one system unpatched could provide the pivot point a threat actor needs to gain a foothold in your network environment.
We’re increasing awareness for our higher education community:
Ferrilli is recommending that academic institutions pay close attention to failed patches on their systems and double-check that every system has actually been updated (workstations, laptops, and Multimedia Router (MMR) servers, including any on-premise Zoom Meeting Connector deployments you operate yourselves). A patch job that reports success is not the same as a verified version; confirm the installed version on each device. Also, remind your faculty, staff, and students to patch their personal devices.
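Verifying that "all systems have been patched" usually means checking an inventory export against the fixed version rather than trusting a deployment tool's success count. The script below is an added example, not Ferrilli's or Zoom's own tooling: it reads a constructed sample inventory (hostname, product, version) of the kind an endpoint-management or CMDB tool exports, compares each entry numerically against a minimum fixed version, and lists hosts that still need patching or whose version could not be read. The thresholds in MIN_FIXED and the product labels are assumptions; confirm the fixed versions against Zoom's security bulletin for these CVEs before relying on them.

```python
"""Flag Zoom installs still below the patched version.

Added example, not part of the original advisory or any Zoom tooling.
Input is a constructed inventory export; MIN_FIXED values are assumptions
to confirm against Zoom's bulletin for CVE-2021-34423 / CVE-2021-34424.
"""
import csv
import io
import re

# Assumed minimum fixed versions (verify against Zoom's own bulletin).
MIN_FIXED = {
    "zoom-client": "5.8.4",           # desktop/mobile client (assumed)
    "zoom-mmr": "4.6.20211117.160",   # on-prem MMR build (assumed placeholder)
}

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """\
hostname,product,version
lib-ws-014,zoom-client,5.8.3
lib-ws-015,zoom-client,5.8.4
cs-lap-102,zoom-client,5.10.1
reg-ws-001,zoom-client,5.7.7 (1105)
mmr-01,zoom-mmr,4.6.20210901.100
mmr-02,zoom-mmr,4.6.20211117.160
av-cart-07,zoom-client,
"""

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '5.7.7 (1105)' into (5, 7, 7); return None if unparseable.

    Numeric tuples compare correctly where string comparison fails:
    '5.10.1' < '5.8.4' as strings, but 5.10.1 is the newer build.
    """
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(product, version):
    """True if version >= fixed version for product, False if older,
    None when the product is unknown or the version cannot be parsed."""
    fixed = parse_version(MIN_FIXED.get(product, ""))
    have = parse_version(version)
    if fixed is None or have is None:
        return None
    # Pad the shorter tuple with zeros so 5.8 compares as 5.8.0.
    n = max(len(fixed), len(have))
    have = have + (0,) * (n - len(have))
    fixed = fixed + (0,) * (n - len(fixed))
    return have >= fixed


def audit(inventory_csv):
    """Return (needs_patch, unknown): hostnames below the fixed version,
    and hostnames whose version or product could not be evaluated."""
    needs_patch, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = is_patched(row["product"], row["version"])
        if status is None:
            # Empty or garbled version, or an unrecognised product:
            # these are the "failed patch" cases to verify by hand.
            unknown.append(row["hostname"])
        elif not status:
            needs_patch.append(row["hostname"])
    return needs_patch, unknown


if __name__ == "__main__":
    stale, unverified = audit(SAMPLE_INVENTORY)
    print("Below fixed version:", stale)
    print("Could not determine:", unverified)
```

Hosts that land in the "could not determine" list deserve as much attention as the stale ones: an empty version field in an inventory export is often exactly what a failed or half-completed patch looks like from the management console.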
More info about the vulnerabilities:
A zero-click attack against the Windows Zoom client was demonstrated at Pwn2Own (a contest in which security researchers exploit up-to-date software in front of the vendor so the flaws are fixed before threat actors find them), showing that the client does indeed have a fully remote attack surface. Follow-up research into that attack surface resulted in two vulnerabilities being reported to Zoom. One was a buffer overflow that affected both Zoom clients and MMR servers, and one was an information leak that is only useful to attackers targeting MMR servers.
Here are the CVE numbers associated with the two flaws that were identified:
- CVE-2021-34423 (CVSS score: 9.8) – A buffer overflow vulnerability that can be leveraged to crash the client or service, or to execute arbitrary code.
- CVE-2021-34424 (CVSS score: 7.5) – A process memory exposure flaw that could be used to read arbitrary areas of the product's memory, giving an attacker insight into its internal state.
Goal of a zero-click attack:
For threat actors to stealthily gain control over the victim's device without requiring any kind of interaction from the user (such as clicking a link or opening an attachment). Because nothing is delivered for the user to open or approve, zero-click attacks leave little user-visible evidence of malicious activity, making them very difficult to detect.
If you have any questions or need assistance, please click here.