From “Attackers Can Use Zoom to Steal Users’ Windows Credentials with No Warning” Ars Technica (04/01/20) Goodin, Dan
Zoom for Windows contains a bug that allows attackers to steal users’ operating system credentials with no warning. The exploit leverages the Zoom chat window to send targets a string of text that represents the network location on the Windows device being used, and the Zoom app for Windows automatically renders these universal naming convention (UNC) strings as clickable links. Should targets click on those links on networks that are not fully locked down, Zoom will send the Windows usernames and corresponding Net-NTLM-v2 hashes to the address in the link. Attackers can then use the credentials to access shared network resources, including Outlook servers and storage devices. Hacker House security boutique co-founder Matthew Hickey said attacks can be launched using any Zoom iteration, but Zoom officials have announced that the UNC bug has been patched.
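The defensive side of the behavior described above, as an added example (not Zoom's code and not a description of Zoom's actual patch): a chat renderer that turns only http(s) URLs into links and leaves UNC strings as inert, flagged text. The function name `render_chat_message`, the `unc-blocked` CSS class and the sample messages are assumptions constructed for illustration.

```python
import html
import re

# Matches either a UNC path (\\host\share\..., including the \\?\UNC\ long
# form) or an http(s) URL. One pass over the text means a UNC string can
# never fall through to the linkifying branch.
TOKEN_RE = re.compile(
    r'(?P<unc>\\\\(?:\?\\UNC\\)?(?P<host>[A-Za-z0-9._-]+)'
    r'\\(?P<share>[^\s\\/:*?"<>|]+)(?:\\[^\s\\/:*?"<>|]+)*)'
    r'|(?P<url>https?://[^\s<>"]+)',
    re.IGNORECASE,
)


def render_chat_message(message):
    """Return (safe_html, unc_hits).

    Only http(s) URLs become anchors. UNC paths are HTML-escaped, wrapped in
    a non-clickable span, and reported as (host, share) for logging/alerting.
    """
    out, hits, pos = [], [], 0
    for m in TOKEN_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))  # plain text between tokens
        text = html.escape(m.group(0))
        if m.group('unc'):
            hits.append((m.group('host').lower(), m.group('share')))
            out.append(f'<span class="unc-blocked">{text}</span>')
        else:
            out.append(f'<a href="{text}" rel="noopener">{text}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return ''.join(out), hits


# Constructed sample chat messages (hosts are placeholders).
SAMPLES = [
    r'Notes: \\files.example.invalid\share\q1.docx and https://example.com/a?b=1&c=2',
    r'\\?\UNC\10.0.0.5\c$\x',
    'no links here',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        rendered, unc = render_chat_message(sample)
        print(rendered, unc)
```
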