CVE-2020-9767

Zoom Sharing Service Local Privilege Escalation

Publish date

10 June 2020

Identifier

CVE-2020-9767

Manufacturer

Zoom (https://zoom.us)

Product

Zoom Client for Windows before 5.0.4, where the Zoom Sharing Service is installed

Authors

Connor Scott

Description

The Zoom Sharing Service (CptService.exe) performs insufficient signature checks on the DLLs and EXEs it loads dynamically when launching a signed executable. Because the service runs as NT AUTHORITY\SYSTEM, a local user can leverage this to execute code in the context of the service and escalate their privileges to NT AUTHORITY\SYSTEM.
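The class of check that is missing here is the one a SYSTEM service must apply to every image it executes or loads, not only to the launcher: each PE must carry a valid Authenticode signature from the expected publisher, and the directory it is loaded from must not be writable by low-privilege users. The PowerShell below is an added auditing example, not Zoom's code and not the CVE-2020-9767 proof of concept. It takes the service display name from this advisory; the expected signer subject ("Zoom Video Communications") and the list of low-privilege principals are assumptions, and the loaded-module check only works when run elevated.

```powershell
# Added example: audit a Windows service's executable, the DLLs beside it and
# (when elevated) the non-Windows modules mapped into its process, checking that
# each is Authenticode-signed by the expected publisher and that the image
# directory is not writable by low-privilege users.
# Not Zoom's code and not the CVE-2020-9767 exploit. The service display name
# is from the advisory; the expected signer subject is an assumption.

function Test-TrustedImage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSigner = 'Zoom Video Communications'   # assumption
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the signature verifies and chains to a trusted root. The
    # subject match is the second half of a sufficient check: without it, any
    # validly signed binary from any publisher would be accepted.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")
    }
}

function Test-LowPrivWritable {
    param([Parameter(Mandatory)][string]$Directory)
    # Principals a standard interactive user holds (assumed list).
    $lowPriv = @('Everyone', 'BUILTIN\Users',
                 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    foreach ($ace in (Get-Acl -Path $Directory).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $write) -ne 0)) {
            return $true
        }
    }
    return $false
}

function Test-ServiceImageTrust {
    param(
        [string]$DisplayName    = 'Zoom Sharing Service',      # from the advisory
        [string]$ExpectedSigner = 'Zoom Video Communications'  # assumption
    )
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName='$DisplayName'"
    if (-not $svc) { throw "Service '$DisplayName' is not installed" }

    # PathName may be quoted and may carry arguments; extract the image path.
    $image = if ($svc.PathName.StartsWith('"')) {
        $svc.PathName.Substring(1, $svc.PathName.IndexOf('"', 1) - 1)
    } else {
        $svc.PathName.Split(' ')[0]
    }
    $dir = Split-Path -Parent $image

    # Static view: the service binary plus every DLL it could side-load from
    # its own directory.
    $candidates = @($image) +
        (Get-ChildItem -Path $dir -Filter *.dll -File | ForEach-Object FullName)

    # Dynamic view: modules actually mapped into the running service. Windows
    # system DLLs are excluded because they are signed by Microsoft, not the
    # vendor; everything else loaded into a SYSTEM process must pass the check.
    if ($svc.ProcessId -gt 0) {
        try {
            $candidates += (Get-Process -Id $svc.ProcessId -ErrorAction Stop).Modules |
                ForEach-Object FileName |
                Where-Object { $_ -notlike "$env:SystemRoot\*" }
        } catch {
            Write-Warning "Cannot enumerate modules of PID $($svc.ProcessId); run elevated"
        }
    }

    $results = $candidates | Sort-Object -Unique |
        ForEach-Object { Test-TrustedImage -Path $_ -ExpectedSigner $ExpectedSigner }

    [pscustomobject]@{
        Service          = $DisplayName
        RunsAs           = $svc.StartName
        ImageDirWritable = Test-LowPrivWritable -Directory $dir
        Checked          = @($results).Count
        Untrusted        = @($results | Where-Object { -not $_.Trusted })
    }
}

$report = Test-ServiceImageTrust
$report | Format-List Service, RunsAs, ImageDirWritable, Checked
$report.Untrusted | Format-Table Path, Status, Signer -AutoSize
```

A service whose RunsAs is LocalSystem with any Untrusted entry, or with ImageDirWritable set to true, is exposed to exactly the pattern described above: a low-privilege user supplies or replaces an image that a SYSTEM process then executes or loads. The same two functions can be pointed at any other service by changing DisplayName and ExpectedSigner.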

Mitigation

Update to Zoom Client for Windows 5.0.4 or later and follow the advice published by the vendor at https://support.zoom.us/hc/en-us/articles/360044350792

Timelines

10th June 2020 - Advisory Released

25th May 2020 - Issue resolved in release provided by vendor

23rd May 2020 - Patch candidate released

29th April 2020 - Patch feedback provided to vendor

28th April 2020 - Patch candidate released

5th April 2020 - Patch feedback provided to vendor

22nd March 2020 - Patch candidate released

26th February 2020 - Detailed advisory and POC passed to vendor

21st February 2020 - Vendor response and public key

21st February 2020 - Initial contact and request for public key

 
