How the Zoom Bug Demonstrates The Importance of Endpoint Security

How the Zoom Bug Demonstrates The Importance of Endpoint Security

Zoom Video Communications offers video conferencing, online meeting, and mobile chat software for businesses. Hundreds of enterprises around the country use Zoom to collaborate with partners, clients, or remote workforces. 

Unfortunately, a recently disclosed bug with Zoom’s software demonstrates the importance of endpoint security for businesses.

Our Endpoint Security Buyer’s Guide helps you evaluate the best solution for your use case and features profiles of the leading solution providers and their key capabilities.

Security researcher Jonathan Leitschuh discovered and disclosed a zero-day vulnerability in the Zoom software. Basically, the vulnerability allowed any website to forcibly join a Zoom call without permission. Additionally, any website could issue a Denial of Service to a Mac user. 

However, the above bugs don’t constitute the most distressing findings by Mr. Leitschuh. Instead, the most distressing discovery comes in the form of forced reinstallation; if you installed Zoom on any endpoint and then uninstalled it, a localhost on your machine would reinstall it for you without your knowledge.  

Reportedly, the video conference provider is working to fix the issue. You can read Mr. Leitschuh’s full disclosure here.

Zoom and Endpoint Security

Imagine how many applications and programs operate on your business network. Think about all of the programs your employees use to complete their everyday business processes. Now imagine that any one of these applications or programs installed a means to linger on your network. You delete, and it reinstalls itself, allowing hackers an easy infiltration point.  

It’s a chilling touch, and yet that’s exactly what happened here. Obviously, this should serve as a wake-up call to enterprises of all sizes; you shouldn’t automatically trust any application or program from outside your IT environment. 

Therefore, you need to install a next-generation endpoint security solution on all of your connected endpoints. Endpoint security can help your IT team sandbox programs to discover their intent and observe their behavior in a simulated network; you might discover dangerous aspects which might otherwise remain hidden. 

Critically, endpoint security can also install controls on your endpoints that prevent programs from automatically installing themselves without IT supervision. This capability alone can close huge numbers of security vulnerabilities. Also, it can help you feel more confident about your digital hygiene. 

To find out more about endpoint security, check out our free 2019 Buyer’s Guide!

       

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me