Zoom patches critical security flaws across its Windows apps — update now to stay safe

News
By published

Multiple Zoom flaws could trigger escalation of privilege and information disclosure

Zoom pronouns
(Image credit: Zoom)

Zoom has fixed a major vulnerability in its Windows apps that allowed threat actors to escalate privileges remotely.

The company’s offensive team recently found an improper input validation flaw in Zoom Desktop Client for Windows before version 5.16.5, Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12), Zoom Rooms Client for Windows before version 5.17.0, and Zoom Meeting SDK for Windows before version 5.16.5.

The flaw is tracked as CVE-2024-24691 and carries a severity rating of 9.6 - critical.

Patching the flaws

Although the company did not detail the flaw, the publication speculates that it requires some level of victim interaction in order to be abused, citing the CVSS vector. This interaction, given usual hacking practices, could involve clicking a link, opening a malware-laden email attachment, or something similar.

Zoom has an automatic updater, so the next time you bring up the app, it should update on its own. For those that have disabled automatic updates, here’s a link where you can find the version 5.17.7 for Windows.

In the same advisory, Zoom also announced addressing six additional vulnerabilities, including one that allows privilege escalation through local access, three that allow information disclosure remotely, and one that allows for the denial of service, over the network. 

The company advises users to apply the patch as soon as possible to protect their endpoints.

Zoom is a popular cloud-based video conferencing service which companies often use to run remote meetings and calls, education, demonstrations, and similar. It rose to prominence during the Covid-19 pandemic, quickly becoming the most-used application in the world. At one point, it had 300 million daily meeting users. 

This also attracted plenty of hackers who saw this as an opportunity to steal sensitive company data, putting the spotlight on patches and quick fixes.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Veeam backup software has a serious security flaw - here's how to stay safe
A person at a laptop with a cybersecure lock symbol floating above it.
Parallels Desktop has some worrying security flaws for Mac users
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
A computer being guarded by cybersecurity.
Worrying Windows security issue patched by 7-Zip, so patch now
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Poco F6 Pro in white from the back showing its Camera array and branding

For a mid-range handset, the Poco F6 Pro is premium in more ways than one, but I found it hard to ignore some of its key pitfalls
See more latest
Most Popular
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models