With the COVID-19 pandemic, people have switched to working from home, and usage of Zoom has grown exponentially. But that increased usage has also made the platform a target for hacks, pranks, and harassment, often through Zoombombing. A few days ago, security researcher Matthew Hickey (@HackerFantastic) and Twitter user Mitch (@g0dmode) discovered that the Zoom client converts Windows UNC paths into clickable links when they are shared through Zoom chat messages.

The real danger of this vulnerability is that when a user clicks on a UNC path link, Windows will attempt to connect to the remote site using the SMB file-sharing protocol, sending the user's login name and their NTLM password hash to open the linked resource.

Although Zoom issued a fix for the UNC vulnerability yesterday, experts recommend that Windows users turn off the automatic transmission of NTLM credentials to a remote server in their security policy settings.
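
A chat renderer or message filter can avoid the behaviour described above by linking only http(s) URLs and leaving UNC paths as inert, escaped text. The following Python is an added example, not Zoom's code or its fix; the function name `render_chat_message`, the `unc-blocked` CSS class and the sample message are assumptions made for illustration.

```python
import html
import re

# UNC path: two backslashes and a host (name, IP, or host@port/host@SSL form),
# optionally followed by share and path components.
UNC_RE = re.compile(r'\\\\[A-Za-z0-9._$@-]+(?:\\[^\s\\<>"|?*]+)*')
URL_RE = re.compile(r'https?://[^\s<>"]+')
TOKEN_RE = re.compile(f'(?P<unc>{UNC_RE.pattern})|(?P<url>{URL_RE.pattern})')


def render_chat_message(text):
    """Return (html, flagged_unc_paths) for one chat message.

    http(s) URLs become links. UNC paths are never linked: they are shown as
    escaped text and returned so the caller can log or warn about them.
    """
    out, flagged, pos = [], [], 0
    for m in TOKEN_RE.finditer(text):
        # Escape everything between tokens so message text cannot inject markup.
        out.append(html.escape(text[pos:m.start()]))
        token = m.group(0)
        if m.group('unc'):
            flagged.append(token)
            out.append('<span class="unc-blocked">%s</span>' % html.escape(token))
        else:
            safe = html.escape(token, quote=True)
            out.append('<a href="%s">%s</a>' % (safe, safe))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return ''.join(out), flagged


if __name__ == '__main__':
    # Constructed sample message, not taken from a real chat.
    sample = r'notes at \\fileserver.example\share\notes.txt and https://example.com/a?b=1&c=2'
    rendered, unc_paths = render_chat_message(sample)
    print(rendered)
    print('UNC paths left unlinked:', unc_paths)
```
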