Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic made it overnight a favorite tool for millions of people.

Though Zoom is an efficient online video meeting solution, it's still not the best choice in terms of privacy and security.

According to the latest finding by a cybersecurity expert and confirmed by others, Zoom client for Windows is vulnerable to the 'UNC path injection' attack that could let remote attackers steal login credentials for victims' operating systems.

The attack involves the SMBRelay technique wherein Windows automatically expose a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.


The attack is possible only because Zoom for Windows supports remote UNC paths, converting such URLs into hyperlinks for recipients in a personal or group chats.

To steal the login credential of a zoom with Windows client, all an attacker needs to do is sent a crafted URL (i.e. \\x.x.x.x\xyz) to the victim over the chat interface, as shown, and wait for the victim to click it once, that's it.

Easy, isn't it, to convince people clicking a random link over chat?

To be noted, the captured passwords are not a plaintext, but a weak one can be cracked easily in seconds using tools like HashCat or John the Ripper.

In shared environments, like office spaces, stolen login details can be reused immediately to compromise other users or IT resources, and launch further attacks.


Zoom has already been notified of this bug, but since the flaw has not yet been patched at the time of writing, it's recommended for users to either use an alternative video conferencing software or use Zoom in your web browser instead of the dedicated client app.

Besides always using a secure password, Windows users can also change the security policy settings to restrict the operating system from automatically passing your NTML credentials to a remote server.