Date: 2020-07-13

Windows 7 computers running the Zoom videoconferencing tool are at risk from a "zero day" vulnerability. It's a reminder of the dangers of an outdated operating system.

The problem will be fixed in a patch from Zoom itself rather than from Microsoft. Microsoft dropped support for Windows 7 on January 14 this year, meaning it no longer offers security updates or bug fixes for it.

A zero day vulnerability is one that is known by somebody other than the developer or manufacturer before a fix is ready. In effect, the developers have "zero days" of head start distributing the fix before people can start trying to exploit it.

Rogue File Unlocks Remote Access

Exactly how the bug works is being kept secret for now to avoid tipping off more cyber criminals. What is known is that it involves trying to get users to open a file attachment, for example in a bogus email.

If Zoom is installed on the computer, the file uses the security flaw to give a hacker remote access and the ability to execute arbitrary code - in effect, to take control of the computer. (Source: 0patch.com)

An independent researcher discovered the bug and reported it to security specialist 0patch, which in turn disclosed it to Zoom.

One in Five Still on Windows 7

It's arguably the highest-profile bug to affect Windows 7 since Microsoft withdrew security support. The Statcounter site estimates that as of last month, just under 20 percent of people with a Windows PC were still running Windows 7. (Source: statcounter.com)

Every time Microsoft drops security support for an old version of Windows, it creates a dilemma for the company. If it leaves flaws unpatched, it risks a sizable number of users being affected - particularly by malware that spreads from machine to machine.

On the other hand, continuing to patch older systems past the scheduled date reduces the incentive for people to upgrade. The problem was particularly significant with the phasing out of Windows XP, when a high proportion of people were deterred by the terrible reception to Windows Vista and never upgraded.

What's Your Opinion?

Do you still use Windows 7 or older? Is Microsoft right to stick to its deadlines for stopping security updates? Should it maintain updates for as long as old software has a significant number of users?