Zoom Fixes Critical Windows Flaw and Six Other Bugs [Update Now]

Zoom Patches Critical Vulnerability in Windows Applications

Video conferencing provider Zoom has released security updates to address seven vulnerabilities affecting its Windows, macOS, Linux, Android and iOS applications. The flaws consist of one critical-severity bug, one high-severity issue, and five medium-severity bugs.

The most serious vulnerability is a critical improper input validation flaw, tracked as CVE-2024-24691, in the Zoom Desktop Client, VDI Client, Rooms Client and Meeting SDK for Windows. Successful exploitation of this bug, which carries a CVSS score of 9.6, could allow an unauthenticated attacker with network access to escalate privileges on an affected system.

According to Zoom’s advisory, the vulnerable software versions are Desktop Client before 5.16.5, VDI Client before 5.16.10 excluding certain versions, Rooms Client before 5.17.0, and Meeting SDK before 5.16.5.

"Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access," the advisory reads.

The company also addressed a high-severity vulnerability (CVE-2024-24697) caused by an untrusted search path in the same Windows applications. The issue allows a local attacker, without authentication, to escalate privileges.

Affected versions are Desktop Client before 5.17.0, VDI Client before 5.17.5 excluding certain releases, Meeting SDK before 5.17.0 and Rooms Client before 5.17.0. Note that these fixed releases are later than the ones that close the critical bug, so a client patched for CVE-2024-24691 may still be exposed to this flaw.

Additionally, Zoom resolved two medium-risk information disclosure flaws in the Desktop Client, VDI Client and Meeting SDK for Windows tied to improper input validation.

Three further medium-severity bugs affect Zoom's desktop and mobile clients. According to the security bulletins, successful exploitation could cause a denial of service or disclose information to an unauthorized party.

Mitigation and Workarounds

To mitigate potential attacks exploiting these vulnerabilities, Zoom recommends customers upgrade clients to the latest releases. The versions that fix the critical bug (5.16.5 for the Desktop Client and Meeting SDK, 5.16.10 for the VDI Client) are older than those that fix the high-severity search-path flaw, so the minimum versions that address both are:

  • Desktop Client for Windows to version 5.17.0 or later
  • VDI Client for Windows to version 5.17.5 or later
  • Rooms Client for Windows to version 5.17.0 or later
  • Meeting SDK for Windows to version 5.17.0 or later
  • Other desktop and mobile clients to the newest available versions
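For administrators who hold an inventory of Zoom installs, the useful check is whether each build is below the fixed version for each of the two Windows CVEs, not just the latest one. The script below is an added example written for this article, not code from Zoom or from its advisory. It takes the fixed versions exactly as the article states them, uses the four product names as lookup keys (an assumption about how an inventory labels them), and runs over a constructed sample inventory with hypothetical hostnames. The advisory's exclusion of certain VDI releases from the vulnerable range is not listed on the page and is therefore not encoded; VDI hits on older branches should be checked against the bulletin by hand. It also shows the version-comparison pitfall: compared as strings, "5.16.10" sorts below "5.16.5", which would mark a patched build as vulnerable.

```python
"""Added example: check inventoried Zoom for Windows client versions against
the fixed releases quoted in the article for CVE-2024-24691 and CVE-2024-24697."""

from typing import Dict, List, Tuple

# Minimum fixed version per product and CVE, as stated in the article.
# The advisory also exempts a few specific VDI releases from the vulnerable
# range; the article does not list them, so they are not encoded here.
FIXED_VERSIONS: Dict[str, Dict[str, str]] = {
    "CVE-2024-24691": {  # critical: improper input validation, network access
        "Desktop Client": "5.16.5",
        "VDI Client": "5.16.10",
        "Rooms Client": "5.17.0",
        "Meeting SDK": "5.16.5",
    },
    "CVE-2024-24697": {  # high: untrusted search path, local access
        "Desktop Client": "5.17.0",
        "VDI Client": "5.17.5",
        "Rooms Client": "5.17.0",
        "Meeting SDK": "5.17.0",
    },
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split '5.16.10.1234' into (5, 16, 10, 1234) for numeric comparison.

    Comparing the raw strings is the classic mistake: '5.16.10' < '5.16.5'
    lexicographically, so a patched build would look vulnerable.
    """
    return tuple(int(part) for part in version.strip().split("."))


def unpatched_cves(product: str, installed: str) -> List[str]:
    """Return the CVE IDs whose fix the installed build does not yet contain."""
    inst = parse_version(installed)
    missing: List[str] = []
    for cve, table in FIXED_VERSIONS.items():
        if product not in table:
            raise KeyError(f"no fixed version known for product {product!r}")
        # A build with extra components (5.16.5.1234) is not below 5.16.5,
        # because tuple comparison treats the longer tuple as greater.
        if inst < parse_version(table[product]):
            missing.append(cve)
    return missing


def scan_inventory(rows: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each host that still lacks a fix to the CVEs it is missing.

    rows: (hostname, product, installed_version), e.g. from an asset export.
    """
    findings: Dict[str, List[str]] = {}
    for host, product, version in rows:
        missing = unpatched_cves(product, version)
        if missing:
            findings[host] = missing
    return findings


# Constructed sample inventory: hypothetical hostnames and versions, not data
# taken from the article or from any real environment.
SAMPLE_INVENTORY = [
    ("ws-001", "Desktop Client", "5.15.7"),   # misses both fixes
    ("ws-002", "Desktop Client", "5.16.10"),  # critical fix present, high-severity fix missing
    ("ws-003", "Desktop Client", "5.17.0"),   # fully patched
    ("vdi-01", "VDI Client", "5.16.10"),      # critical fix present, search-path fix missing
    ("room-a", "Rooms Client", "5.17.0"),     # fully patched
]

if __name__ == "__main__":
    for host, cves in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: still exposed to {', '.join(cves)}")
```

The installed version can be read from the client's About dialog or from the file properties of the Zoom executable; feed those values into the inventory rows and the script reports only the hosts that still need action.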

At this time, Zoom has not reported any active exploitation of these flaws. The advisory gives only basic details of the bugs; further information is available on Zoom's security bulletin page.

As video calling and remote work continue to grow, providers like Zoom have become attractive targets for attackers. Users and administrators must keep clients updated with the latest releases as new threats emerge.

Zoom recommends its users update their applications to the latest available releases as soon as possible.
