How to fix Zoom's Windows 10 user-info and password-leak problems
As the health crisis continues around the world, many people are turning to Zoom to communicate using voice and video with colleagues to work from home and stay connected with family and friends. However, a new vulnerability has recently been discovered in the desktop application by security researcher Matthew Hickey (@HackerFantastic) and Twitter user Mitch (@g0dmode) that could allow hackers to obtain people's Windows login name and password.
According to an investigation published by BleepingComputer, the problem is caused by how the Zoom client handles a Uniform Resource Locator (URL). When you use the Zoom chat, any URL you send is converted into a hyperlink (for example, https://windowscentral.com), which is convenient for opening websites using the default web browser.
The only caveat is that if you send a Universal Naming Convention (UNC) path (for example, \\192.1.1.112\file-sharing-folder), Zoom will also convert the path into an actionable link. If anyone clicks the link, Windows 10 (or another version) will attempt to connect to a remote host using the Server Message Block (SMB) network file-sharing protocol. When this happens, the system will also send your sign-in name and NT LAN Manager (NTLM) credential hash.
Although the hash containing your username and password is not sent in clear text, the data can be quickly obtained within seconds using many tools freely available online. In addition to someone stealing your credentials, malicious individuals can also use this vulnerability to launch applications on the local device when the link is actioned.
In this Windows 10 guide, we'll walk you through the steps to temporarily fix the security vulnerability that could allow attackers to obtain your device sign-in credentials until there's a permanent fix.
- How to fix Zoom sign in credential leak using Group Policy
- How to fix Zoom sign in credential leak using Registry
How to fix Zoom sign in credential leak using Group Policy
If you're running Windows 10 Pro (or Enterprise), the easiest way to prevent the credential leak vulnerability while using Zoom is using the Local Group Policy Editor.
To prevent sending your credentials to a remote server with Zoom, use these steps:
Important: This is a temporary workaround. If you configure this policy on a computer joined to a domain or on a device connected to a file-sharing server, such as Network Attached Storage (NAS), you'll have issues accessing the files on the remote computer.
- Open Start.
- Search for gpedit.msc and click OK to open the Local Group Policy Editor.
- Browse the following path:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- On the right side, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy.
- Select the Deny All option.
- Click the Apply button.
- Click the OK button.
- Click the Yes button to confirm.
Once you complete the steps, when using the Zoom client app on Windows 10, the sign-in NTLM credentials won't be sent to a remote host when accessing a share.
In the case you change your mind, you can roll back the previous settings using the same instructions, but on step No. 5, select the Allow all option.
Configuring an exception (optional)
If you're configuring this policy on a device that needs to connect to a remote server, you can create an exception to access the files or service with these steps:
- Open Start.
- Search for gpedit.msc and click OK to open the Local Group Policy Editor.
- Browse the following path:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- On the right side, double-click the Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication policy.
- Specify the TCP/IP address of the remote server whose resources you'll be trying to access.
- Click the Apply button.
- Click the OK button.
After you complete the steps, Zoom should no longer send your Windows sign-in credentials to a remote host, and you should be able to continue accessing files on a remote server.
When you no longer need this configuration, you can undo the changes with the same instructions, but on step No. 5, make sure to clear the exception list.
How to fix Zoom sign in credential leak using Registry
In the case you're running Windows 10 Home, you won't have access to the Local Group Policy Editor, but you can prevent Zoom from sending your credentials to a remote host by modifying the Registry.
Warning: This is a friendly reminder that editing the Registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended to make a full backup of your PC before proceeding. Also, this is a temporary workaround. If you configure this policy on a computer connected to a file-sharing server, such as Network Attached Storage (NAS), you're likely not able to access files on the remote server.
To prevent leaking your device sign-in information when using Zoom, use these steps:
- Open Start.
- Search for regedit and click the top result to open the Registry.
- Browse the following path:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  Quick tip: On Windows 10, you can now copy and paste the path in the Registry's address bar to quickly jump to the key destination.
- Right-click the MSV1_0 key, select New, and click on DWORD (32-bit) Value.
- Name the key RestrictSendingNTLMTraffic and press Enter.
- Double-click the newly created DWORD and set the value from 0 to 2.
- Click the OK button.
After you complete the steps, the Zoom client should no longer send your NTLM credentials over the network to a remote host that someone can use to steal your device sign-in information.
You can always revert the changes by using the same instructions, but on step No. 5, make sure to right-click the RestrictSendingNTLMTraffic key and select the Delete option.
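The same registry change as a script, useful when the workaround has to be applied and later rolled back on more than one PC. This is an added example, not part of the original guide; the function names are hypothetical, and it must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: sets the RestrictSendingNTLMTraffic value described in the steps above.
# Function names are hypothetical; the key path and value name come from the guide.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'

function Get-OutgoingNtlmPolicy {
    # Returns the current DWORD, or $null when the value has never been created.
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-OutgoingNtlmDenyAll {
    # Record the previous state so the change can be reviewed afterwards.
    $before = Get-OutgoingNtlmPolicy

    # 2 is the value the guide sets (the "Deny All" option in Group Policy).
    # -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $LsaKey -Name $ValueName `
        -PropertyType DWord -Value 2 -Force | Out-Null

    # Read the value back instead of assuming the write succeeded.
    $after = Get-OutgoingNtlmPolicy
    if ($after -ne 2) {
        throw "Expected $ValueName = 2, found '$after'"
    }
    [pscustomobject]@{ Previous = $before; Current = $after }
}

function Undo-OutgoingNtlmDenyAll {
    # Mirrors the manual rollback: delete the value if it exists.
    if ($null -ne (Get-OutgoingNtlmPolicy)) {
        Remove-ItemProperty -Path $LsaKey -Name $ValueName
    }
}

# Apply the workaround and show the before/after values.
Set-OutgoingNtlmDenyAll
```

Call `Undo-OutgoingNtlmDenyAll` to remove the value once the workaround is no longer needed.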
Configuring an exception (optional)
If you're configuring this policy on a device that needs to connect to a remote server, you can create an exception to access the files or service with these steps:
- Open Start.
- Search for regedit and click the top result to open the Registry.
- Browse the following path:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  Quick tip: On Windows 10, you can now copy and paste the path in the Registry's address bar to quickly jump to the key destination.
- Right-click the MSV1_0 key, select New, and click on DWORD (32-bit) Value.
- Name the key ClientAllowedNTLMServers and press Enter.
- Double-click the newly created DWORD and specify the TCP/IP address of the remote server whose resources you'll be trying to access.
- Click the OK button.
Once you complete the steps, you should be able to continue accessing files on a remote server while stopping the Zoom desktop client from potentially sending your NTLM credentials over the network.
When you no longer need the configuration, you can undo the changes by using the same instructions, but on step No. 5, make sure to right-click the ClientAllowedNTLMServers key and select the Delete option.
Source: https://www.windowscentral.com/how-fix-zoom-client-password-leak-problem-windows-10
Posted by: sorensontreas1988.blogspot.com