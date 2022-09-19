Government issues advisory for Zoom users: Details2 min read . 02:26 PM IST
The Indian Computer Emergency Response Team (CERT-In) has identified multiple vulneabilities in video conferencing platform Zoom. Issuing an advisory, the agency said that vulnerabilities in Zoom can allow a remote unauthenticated user to join a Zoom video meet without appearing to other participants in the joinee list.
Categorized under ‘Medium’ threat level, the vulnerabilities, CERT-In says can allow a hacker to bypass implemented security restrictions on the targeted systems. They can secretly join a Zoom meeting and obtain the audio and video feeds of the meeting.
CERT-IN is a nodal agency under the Ministry of Electronics and Information Technology. This government body is responsible for reporting bugs and cybersecurity threats like hacking and phishing attacks.
The vulnerabilties have also been reporetd by Zoom. These are dubbed CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760, and they affect Zoom's On-Premise Meeting Connector MMR before version 4.8.20220815.130. This improper access control vulnerability, Zoom says, can allow a malicious actor to join a meeting which they are unauthorized to join without appearing to the other participants.
Zoom raised the vulnerability on September 13, while the cyber agency has issued the advisory on September 19. In its advisory, CERT-In has advised users to update to the latest version of Zoom on their devices. In order to update Zoom on your laptop, sign in to Zoom desktop client. Here, click on your profile picture and check for updates. If a new version is available, download and install it. Smartphone users can go to the Google Play or Apple App Store and check the latest versions of the Zoom app.
Recently, CERT-In issued a high risk warning for some Microsoft users. This included Microsoft Windows, Microsoft Office, Microsoft SharePoint, Microsoft Dynamics CRM, Visual Studio and .NET Framework. The agnecy advised the users of these Microsoft products to apply the latest security patch based on Microsoft’s September 2022 security update.
