Source: Matt Brown | Windows Central
What you need to know
- A vulnerability in Zoom allows hackers to obtain your Windows login name and password.
- The vulnerability relies on people clicking a link that is actually a Windows networking UNC path.
- If a person clicks the link, Zoom can send the person's login name and NTLM password hash, which can be used to obtain a person's password.
Zoom is having a moment right now. It's become the go-to form of communication for many people during the current health crisis. Unfortunately, a vulnerability within Zoom can allow hackers to obtain people's Windows login name and password. Security researcher and Twitter user Mitch (@_g0dmode) spotted the vulnerability first. BleepingComputer then followed up with its own investigation and testing.
The core of the issue revolves around how Zoom handles URLs. When you send a URL within a Zoom chat, the program converts it into a link. That's handy for websites, but the problem is that Zoom also converts Windows networking UNC paths into links. If someone clicks a link that's a UNC path, Windows will try to connect to the remote site the path goes to using SMB file-sharing protocol. By default, this action will cause Windows to send a person's login name and their NTM password hash. The NTLM password hash can be cracked using free tools, such as Hashcat, and reveal someone's password.
Security researcher Matthew Hickey (@HackerFantastic) tested this process and was able to get NTLM password hashes using the vulnerability. BleepingComputer replicated the process as well. BleepingComputer was able to dehash an "easy password" in just 16 seconds.
In addition to helping hackers obtain people's passwords, the same process can also be used to launch programs on people's computers. Fortunately, Windows will prompt you when this happens and ask if you want to run the program.
How to fix Zoom's Windows 10 user-info and password-leak problems
Hickey spoke to BleepingComputer about how to fix the issue, stating, "Zoom should not render UNC paths as hyperlinks is the fix, I have notified Zoom as I disclosed it on Twitter."
Until Zoom issues a fix, you can prevent NTML credentials from being automatically sent to a remote server when you click a UNC link. This is done with a Group Policy. Bleeping Computer outlines the process and we also have our own guide on how to do it.

The Surface Duo's April 2021 update and changelog is here
Microsoft's Surface Duo's April security patch is on the way. It's 338MB in size and takes the build from 2021.207.70 to 2021.314.91. No details on what improvements are included have been disclosed yet.

Use GroupMe? You're finally going to get this long-overdue feature
Beta versions of GroupMe on iOS, Android, and Windows 10 are finally gaining a past-due feature: the ability to delete messages. The feature is now live for Windows Insiders and those enrolled in the beta programs. Such a feature would be necessary if GroupMe is to become a more extensive public social network.

Call of Duty: Warzone gets a new look in Season 3
The third season of Call of Duty: Black Ops Cold War is here, and with it comes the biggest change to Call of Duty: Warzone yet. A new map, new locations, and more are here for players to experience.

These tools will help you keep your PC's drivers updated
Windows 10 does a good job of updating your PC's drivers, but third-party tools can help you clean up and optimize your system. Here are the best tools to keep your Windows 10 PC's drivers up to date.