Microsoft® Patches Critical Vulnerabilities; Zoom Vulnerability Discovered
On April 14, Microsoft released software patches that address over 110 vulnerabilities in Windows® 10, Exchange® Server, and multiple other Microsoft products. Although released as part of the recurring “Patch Tuesday” program, these patches are particularly important. Per Microsoft, the fixes address 19 “critical” vulnerabilities that bad actors could use to seize control of user systems without any user interaction. Additional patches address further vulnerabilities in on-premises Exchange servers, as well as multiple other issues.
In a separate discovery, ethical “white hat” hackers have uncovered a vulnerability in Zoom software. The vulnerability allows bad actors to achieve “remote code execution” and essentially take over users’ computers. It was revealed at the Pwn2Own white hat hacker event. The vulnerability is said to affect the Windows and Mac desktop versions of the software (rather than the browser-based version) and to involve infiltration via the chat functionality. The exploit has not been used in the wild, and its details have not been released to the public. Zoom has reportedly indicated that it is working on a fix and will release a patch when one is available.
The Microsoft patches address serious potential vulnerabilities.
- Urgently apply the released Microsoft patches.
- Include these updates in mandatory patching policies (when applicable).
- Advise critical third-party service providers of the need to apply these patches.
The discovered Zoom exploit has not been used by bad actors, and its details have not been exposed.
- No immediate user action is required.
- Apply Zoom software updates when they are available.
- Continue to apply safety precautions for Zoom (and other remote conferencing tools), including verifying unique meeting numbers/PINs, using multi-factor authentication, closing entry after roll call, and admitting only trusted users into chat conversations.
How we help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar cybersecurity warnings, and to enhance its cybersecurity in general:
- Risk assessments and regulatory compliance testing services
- Threat Intelligence, phishing testing, and monitoring
- Operational resilience and governance
Download our Aponix Protect™ cybersecurity solution brochure.
If you have any questions, please contact your ACA Aponix consultant or contact us below.