Zoom critical flaw exposes Windows desktop clients to privilege escalation attacks
Take action: If you are using Zoom Desktop Client, Zoom VDI Client, Zoom Meeting SDK for Windows or Zoom Rooms Client, patch ASAP. It's an easy patch, so don't delay.
Zoom has patched a security flaw in several of its Windows applications, including:
- Zoom Desktop Client,
- Zoom VDI Client,
- Zoom Meeting SDK for Windows.
The flaw, tracked as CVE-2024-24691 (CVSS score 9.6), is a critical privilege escalation vulnerability caused by the applications' inadequate validation of user input. Malicious entities could exploit this flaw by transmitting specially crafted data packets over the network to the affected Zoom products.
If the application processes these packets, it may perform unintended actions, allowing the attacker to escalate privileges, which can lead to data theft, malware installation, disruption of critical operations, or further attacks launched from the compromised system.
The vulnerable products are the Zoom Desktop Client and Zoom VDI Client for Windows, versions preceding 5.16.5 and 5.16.10, respectively. Additionally, the Zoom Rooms Client for Windows versions earlier than 5.17.0 and the Zoom Meeting SDK for Windows versions prior to 5.16.5 are also affected.
Users are urged to immediately upgrade to the patched versions of the software:
- 5.16.5 for the Desktop Client and Meeting SDK for Windows,
- 5.16.10 for the VDI Client,
- 5.17.0 for the Zoom Rooms Client.
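As an added example (not from the advisory or from Zoom), the following triage helper flags installs that are still below the fixed versions listed above. The product names and fixed versions are the ones the advisory gives; the hostnames and installed version strings in the sample inventory are constructed. The point worth noting is the comparison itself: the fixed versions 5.16.10 and 5.16.5 sort the wrong way round as plain strings, so versions must be compared as integer tuples.

```python
"""Triage helper for CVE-2024-24691: flag Zoom for Windows installs that
are still below the fixed versions. Added example, not Zoom's code."""
import re
from typing import Optional

# Minimum fixed versions from the advisory, keyed by product name.
FIXED_VERSIONS = {
    "Zoom Desktop Client": "5.16.5",
    "Zoom VDI Client": "5.16.10",
    "Zoom Meeting SDK for Windows": "5.16.5",
    "Zoom Rooms Client": "5.17.0",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the dotted numeric version from strings such as '5.16.5'
    or '5.16.10 (26186)' and return it as an integer tuple, so that
    5.16.10 compares greater than 5.16.5 (a string comparison would not)."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_vulnerable(product: str, installed: str) -> Optional[bool]:
    """True if the installed version is below the fixed version for that
    product, False if it is patched, None if the product is not covered."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Given (host, product, version) records from an inventory export,
    return only the records that still need to be upgraded."""
    return [(h, p, v) for h, p, v in inventory if is_vulnerable(p, v)]


# Constructed inventory export; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("WS-0101", "Zoom Desktop Client", "5.16.4 (25940)"),
    ("WS-0102", "Zoom Desktop Client", "5.16.5"),
    ("VDI-07", "Zoom VDI Client", "5.16.9"),
    ("VDI-08", "Zoom VDI Client", "5.16.10"),
    ("ROOM-A", "Zoom Rooms Client", "5.16.10"),
    ("DEV-01", "Zoom Meeting SDK for Windows", "5.17.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> upgrade to {FIXED_VERSIONS[product]}")
```

Feed it whatever your endpoint inventory exports as (host, product, version) triples; how that export is produced is outside the scope of this example, which only does the comparison.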