With COVID-19 resulting in an exponential growth in the number of people working from home, one of the primary beneficiaries has been Zoom, a leader in video and web conferencing solutions. With the onset of this pandemic, Zoom, unlike other companies, has seen its stock price soar; we’ve used Zoom as a verb more than ever; and it has become a household name among professionals, families and friends.
However, fame and glory come with consequences, and Zoom has been the subject of negative publicity due to vulnerabilities, one of which potentially allows a leak of Windows 10 network credentials. An attacker can send a compromised URL to the meeting participants through the group chat feature. The Zoom client converts these URLs to a UNC (Universal Naming Convention) path, which identifies the location of a network resource. Clicking on this link causes Windows to attempt to connect to the remote site using the SMB network file-sharing protocol.
There are a couple of implications to this vulnerability:
- When an SMB connection is made, the client’s IP address, domain name, host name, and username may be leaked.
- Windows can send the user’s login name and NT LAN Manager (NTLM) credential hash, from which the password can be easily cracked.
Realtime Mitigation and Remediation, at Scale
Infinipoint enables you to implement and validate a mitigation and remediation for this vulnerability in seconds across all your endpoints, whether on-premises or off-premises and anywhere in the world.
This video demonstrates Infinipoint’s simple process for fixing this Zoom vulnerability by preventing NTLM credentials from being sent to remote servers via configuration or patching. Once you do so, you can carry on with your virtual business meetings, family gatherings and online happy hours.
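The configuration route mentioned above, preventing NTLM credentials from being sent to remote servers, corresponds on Windows to the security policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers". The PowerShell script below is an added example, not Infinipoint's code or anything shown in the video; it audits that policy's registry value on one endpoint and, with the `-Enforce` switch (a parameter name chosen for this example), sets it to Deny all.

```powershell
# Added example: audit, and optionally enforce, the Windows policy
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
param(
    [switch]$Enforce   # example parameter: without it the script only reports
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'
$Meaning   = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-OutgoingNtlmPolicy {
    # A missing value means the policy is not configured, which behaves as Allow all.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

$current = Get-OutgoingNtlmPolicy
Write-Output ("{0}: outgoing NTLM policy = {1} ({2})" -f $env:COMPUTERNAME, $current, $Meaning[$current])

if ($current -eq 2) {
    Write-Output 'Compliant: NTLM credentials are not sent to remote servers.'
    exit 0
}

if (-not $Enforce) {
    Write-Output 'Not compliant. Re-run with -Enforce from an elevated session to set Deny all.'
    exit 1
}

# Deny all also blocks NTLM authentication to legitimate SMB shares and other
# servers that cannot use Kerberos; value 1 (Audit all) logs the attempts
# instead and can be used first to find what would break.
Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 2 -Type DWord

# Validate the change by reading the value back rather than trusting the write.
$after = Get-OutgoingNtlmPolicy
if ($after -eq 2) {
    Write-Output 'Remediated: outgoing NTLM traffic is now denied.'
    exit 0
}
Write-Output ("Remediation failed: value is still {0}." -f $after)
exit 1
```

On domain-joined machines a Group Policy setting for the same policy overrides a local registry change at the next policy refresh, so fleet-wide enforcement belongs in the GPO.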