Zoom Quickly Addresses Zero-Day Vulnerabilities, But Now Is Not the Time to Rest
Amid the surge in cloud-based videoconferencing usage during the COVID-19 pandemic quarantine period, videoconferencing service provider Zoom has moved quickly to address zero-day vulnerabilities reported in its client software. That said, there is still work for it to do.
A flaw in the Zoom installer introduced a “UNC path injection” vulnerability in Zoom’s client software. This vulnerability can potentially allow malicious actors to steal the Windows login credentials of their victims and execute arbitrary commands on vulnerable systems.
Another zero-day vulnerability addressed by the patch deals with how Zoom interacts with the camera and microphone on Apple Mac platforms. Exploiting this vulnerability allows a malicious actor to gain access to the user’s microphone and camera.
(Source: Zoom Rushes Patches for Zero-Day Vulnerabilities, April 2020)
Tom’s Guide reported nine flaws/defects in Zoom, many of which have been addressed as of this writing. While Zoom’s diligent moves to correct these issues are notable, Tom’s Guide’s reporting serves as a testament to the numerous security concerns that plague the suddenly popular videoconferencing service.
(Source: Zoom privacy and security issues: Here's everything that's wrong (so far), April 2020)
The patches released by Zoom address issues on the client software that is distributed and installed on user workstations. Therefore, IT departments are strongly encouraged to roll out the patches as soon as possible and ensure that all users immediately comply with the direction to upgrade their software.
With the immense increase in Zoom’s popularity during this pandemic quarantine period, it is commendable that Zoom is responding quickly to discovered vulnerabilities. That said, it is apparent that Zoom was unprepared for the sudden and massive increases in both the number of subscribers and usage volume. At this critical point in time, Zoom needs to first focus its attention on addressing vulnerabilities uncovered in its product, then sustain its response roadmap to stay ahead of emerging weaknesses over time. The growth in popularity makes the service an attractive prospect for hackers – especially given the publicized and often sensitive ways that Zoom has been used (such as the recent UK government cabinet meeting).
To this end, Zoom has wisely instituted a 90-day freeze on feature enhancement to prioritize its focus on addressing security issues with its product.
Stay tuned to Info-Tech Research Group’s Tech Briefs, as we will report on additional developments as they transpire.