
Warning: This program is sharing your Windows credentials every time you click

If the coronavirus has you going stir-crazy, you’re not alone. Many of us are right there with you.

One way to feel those much-needed connections is to use a video conferencing app to speak with family and friends.

But one of the most popular programs has a serious flaw that could expose the Windows credentials of anyone using it. Here’s what you need to know to stay protected.

Zoom chats could expose your credentials

The Zoom app has become incredibly popular since the COVID-19 pandemic began. Many companies are using it to conduct video meetings with employees working from home and others are just using it to stay connected with family and friends.

But the program has been dealing with numerous problems in the past few weeks. One major issue is that trolls have found a way to infiltrate public chats and have been bombarding people with pornography and malicious links.

The good news is you can change a setting to stop that from happening.

Now, Zoom has another massive issue that could really impact your online security. Here’s what’s happening:

According to a security researcher who goes by @_g0dmode on Twitter, the Windows version of Zoom is vulnerable to UNC path injection. This means bad actors can steal Windows credentials from users who click on links posted in Zoom’s chat feature.

You see, Zoom includes this chat feature so people in group meetings can send text messages and links to things like pictures and videos. All URLs sent through Zoom’s chat are converted into hyperlinks that allow participants to click on and open them.

The problem is that file paths, including the Windows network (UNC) paths mentioned above, are converted into clickable links in chat, too. If you click on one of these hyperlinks, Windows could, by default, send your login name and hashed password to the computer the link points to.
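The check below is an added example, not code from Zoom or from the original article: a Python sketch of how a chat client or message filter could recognise network file paths before turning them into links. The function names, the list of patterns and the sample messages are assumptions made for illustration.

```python
import re

# Spellings that make Windows open an SMB connection to <host> when opened.
# Assumption: this list is illustrative, not a complete catalogue.
_REMOTE_FORMS = [
    ("long-path UNC", re.compile(r"^\\\\\?\\UNC\\([^\\/]+)\\.+", re.I)),
    ("UNC path", re.compile(r"^(?:\\\\|//)([^\\/?.][^\\/]*)[\\/].+")),
    ("file URL with host", re.compile(r"^file://([^\\/]+)/.+", re.I)),
]
_LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def find_remote_paths(message):
    """Return (token, kind, host) for each chat token naming a remote share."""
    findings = []
    for raw in message.split():
        token = raw.strip("<>()[]\"',;")
        for kind, pattern in _REMOTE_FORMS:
            match = pattern.match(token)
            if match and match.group(1).lower() not in _LOCAL_HOSTS:
                findings.append((token, kind, match.group(1)))
                break
    return findings


def defang(message):
    """Replace remote-share tokens with inert text so nothing is clickable."""
    for token, _kind, host in find_remote_paths(message):
        message = message.replace(token, "[network path to %s removed]" % host)
    return message


# Constructed chat messages; hosts use documentation-only names and addresses.
SAMPLES = [
    r"Slides are at \\files.example.net\share\deck.pptx",
    "Agenda: https://example.com/meeting//notes",
    "Try file://192.0.2.10/pub/readme.txt or file:///C:/Users/me/notes.txt",
    r"Mirror: \\?\UNC\files.example.net\share\deck.pptx and //192.0.2.10/pub/a.txt",
    r"Device path \\.\pipe\status is local",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_remote_paths(sample), "|", defang(sample))
```

Ordinary web links and paths to files on the local machine pass through untouched; only tokens that name another host as a file server are flagged.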

Even if the password is hashed, meaning it’s been scrambled, there are programs that will reveal it in seconds. This means anyone in the chat who has bad intentions could access your Windows username and password.

How to protect your Windows credentials

The good news is Zoom said it’s aware of the problem and is working to address it.

In the meantime, there’s a registry setting you can adjust to stop your credentials from being shared. However, we must warn you that changing this setting is more complex than changing typical settings. If you’re not familiar with IT basics or don’t have previous experience making changes to your computer’s registry, we recommend that you refrain from this step, as it could cause serious problems with your machine.

If you want to see how to adjust the setting, you can find the steps at Bleeping Computer. But do so at your own risk.

Want a simpler way to protect yourself? Just refrain from sharing files through Zoom’s chat feature — at least until Zoom has fixed the problem. We will update this story as soon as Zoom announces a patch and let you know it’s time to update the app ASAP.

Another simple solution is to use a different video chat app. There are plenty of others to choose from, like Skype, FaceTime and Google Hangouts. Give one of those a try and your Windows credentials will be safe.
