An unpatched and previously unknown security vulnerability has been discovered by a researcher who reached out to the 0patch team disclosing the vulnerability rather than reporting it directly to Zoom. The vulnerability affecting computers running Windows 7 and older OS versions, enables a remote attacker to execute arbitrary code on a victim's machine where any supported version of Zoom Client for Windows is installed.
VMware has released security updates to address vulnerabilities in VMware Fusion, Remote Console, and Horizon Client. With CVE-2020-3974, an attacker could exploit this vulnerability to take privilege escalation control of an infected system.
VMware has released a security update to address CVE-2020-3973, a vulnerability in VeloCloud. A malicious actor with tenant access to Velocloud Orchestrator could enter especially crafted SQL queries and obtain data to which they are not privileged.
Trend Micro recommends customers to apply Apex One Patch 3 (Build 8358) to address incompatibility issues with Windows 10 (20H1/2004).