Zoom Video Conferencing a Major Risk on Windows 7

John Lister's picture

Windows 7 computers running the Zoom videoconferencing tool are at risk from a "zero day" vulnerability. It's a reminder of the dangers of an outdated operating system.

The problem will be fixed in a patch by Zoom itself rather than from Microsoft. Microsoft dropped support for Windows 7 on January 14 this year, meaning it doesn't offer security updates or fix any bugs.

A zero day vulnerability is one that is known by somebody other than the developer or manufacturer before a fix is ready. In effect, the developers have "zero days" of head start distributing the fix before people can start trying to exploit it.

Rogue File Unlocks Remote Access

Exactly how the bug worked is being kept secret for now to avoid tipping off more cyber criminals. What is known is that it involves trying to get users to open a file attachment, for example in a bogus email.

If Zoom is installed on the computer, the file uses the security flaw to give a hacker remote access and execute arbitrary code - in effect, to take control of the computer. (Source: 0patch.com)

An independent researcher discovered the bug and reported it to security specialist 0patch, which in turn disclosed it to Zoom.

One in Five Still on Windows 7

It's arguably the highest profile bug to affect Windows 7 since Microsoft withdrew security support. The Statcounter site estimates that as of last month, just under 20 percent of people with a Windows PC were still running Windows 7. (Source: statcounter.com)

Every time Microsoft drops security support for an old version of Windows, it creates a dilemma for the company. If they leave flaws unpatched, they risk a sizable number of users being affected - particularly with malware that spreads from machine to machine.

On the other hand, continuing to patch older systems past the scheduled date reduces the incentive for people to upgrade. The problem was particularly significant with the phasing out of Windows XP when a high proportion of people were deterred by the terrible reception to Windows Vista and never upgraded.

What's Your Opinion?

Do you still use Windows 7 or older? Is Microsoft right to stick to its deadlines for stopping security updates? Should it maintain updates for as long as old software has a significant number of users?

Rate this article: 
Average: 5 (10 votes)

Comments

buzzallnight's picture

Do you still use Windows 7 yes
Do you use Zoom? are you kidding me!!!!!!
Is Microsoft right to stick to its deadlines for stopping security updates?
NO, NOT UNTIL EVERY LAST BUG IS FIXED!
Should it maintain updates for as long as old software has a significant number of users? yes

Has M$ ever made a bug free product in the history of the company? NO!!!!!!!
Has M$ ever even after 5 or 10 years of patches made a bug free product? NO!!!!
Is M$ latest product still in BETA 5 years after it was released? YES!!!!!!!!

Is Win 7 actually safer and more stabile than Win 10? YES!!!!!!!!!!!!

daniel k_8060's picture

I Could not agree MORE !!
You took the words right out of my Mouth, as I am still on W7 But moving slowly to Mac!
Thanks

bk27's picture

My home theatre still rocks Windows 7. For good reason. It's got twin DVB-S2 tuners and quad DVB-T2 tuners. A nice lower power but nippy 4th Gen Core i5 processor, 240GB SSD for the OS and 2x HD for 5TB of local storage for my movie and extensive media collection. Gfx output is courtesy of an nVidia 1030 gfx card which will handle 4k easily once I upgrade my TV. The front end is the still very polished and unsurpassed Windows 7 Media Centre.

Microsoft pulled the EPG updates in Jan, but I was already filling in gaps using EPG Centre/Collector - a somewhat hard to fathom but quite capable little utility that even loads the guide data into the Media Centre guide automatically on a schedule.

The Win10 UI sucks more than ever and they waste copious amounts of time farting around with the look whilst each new update breaks things that worked well before whilst nothing of substance seems to reach the feature set.

Rant over. For now.