Critical Privilege Elevation Flaw in Zoom’s Windows App Patched

February 14, 2024

Zoom, a cloud-based video conferencing service used for corporate meetings, educational sessions, and social gatherings, has patched a critical flaw in its Windows applications. The flaw, identified as CVE-2024-24691, was found in Zoom's desktop and VDI clients as well as the Meeting SDK for Windows. This improper input validation flaw could have allowed an unauthenticated attacker to escalate their privileges on a target system over the network. Zoom's popularity has soared during the COVID-19 pandemic, with many organizations turning to remote solutions to maintain operations. By April 2020, the platform was hosting 300 million daily meeting participants.

The flaw was discovered by Zoom's offensive security team and was given a CVSS v3.1 score of 9.6, marking it as 'critical'. The vulnerability affects the following product versions: The specifics of how the flaw could be exploited or the potential repercussions were not detailed, but the CVSS vector suggests that some user interaction would be necessary. This could involve clicking a link, opening a message attachment, or some other action that an attacker could use to exploit CVE-2024-24691.

For most users, Zoom should automatically prompt an update to the latest version. However, users can also manually download and install the latest release of the desktop client for Windows, version 5.17.7. In addition to the critical flaw, the latest Zoom release also addresses six other vulnerabilities. Users are advised to apply the security update as soon as possible to reduce the risk of external actors elevating their privileges, which could enable them to steal sensitive data, disrupt or eavesdrop on meetings, and install backdoors.
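The remediation above is "get to 5.17.7 or later," so the check an administrator wants is an inventory of which Windows hosts still run an older desktop client. The script below is an added example, not code from the article or from Zoom: it walks the standard Windows Uninstall registry keys (machine-wide, WOW6432Node and per-user), picks out entries whose DisplayName starts with "Zoom" (an assumption about how the installer registers itself), and compares the leading dotted-numeric part of DisplayVersion against 5.17.7. It also reads the file version of the per-user Zoom.exe as a second signal. It only covers the desktop client; the VDI client and Meeting SDK carry their own version numbers, which the article does not list, so they are not assessed here.

```powershell
# Added example (not part of the article): flag Zoom for Windows desktop installs
# older than 5.17.7, the version the article names as carrying the fix.
# Assumptions: Zoom registers an Uninstall entry whose DisplayName begins with
# "Zoom"; DisplayVersion may carry a build suffix such as "5.17.7 (12345)"
# (constructed sample format), so only the leading dotted-numeric part is compared.

$FixedVersion = [version]'5.17.7'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-ZoomInstall {
    # Enumerate every Uninstall entry that looks like a Zoom product.
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -like 'Zoom*') {
                [pscustomobject]@{
                    Name   = $p.DisplayName
                    RawVer = [string]$p.DisplayVersion
                    Source = $_.PSPath
                }
            }
        }
    }

    # Second signal: the per-user client binary, if present (well-known install path).
    $exe = Join-Path $env:APPDATA 'Zoom\bin\Zoom.exe'
    if (Test-Path $exe) {
        [pscustomobject]@{
            Name   = 'Zoom.exe (file version)'
            RawVer = (Get-Item $exe).VersionInfo.ProductVersion
            Source = $exe
        }
    }
}

function Test-ZoomVersion {
    param([string]$RawVersion)
    # Keep only the leading dotted-numeric part so "5.17.7 (31859)" compares as 5.17.7.
    if ($RawVersion -match '^\s*(\d+(\.\d+){1,3})') {
        $v = [version]$Matches[1]
        return [pscustomobject]@{ Version = $v; NeedsUpdate = ($v -lt $FixedVersion) }
    }
    # Unparseable version strings are reported as needing attention rather than silently passed.
    return [pscustomobject]@{ Version = $null; NeedsUpdate = $true }
}

$installs = @(Get-ZoomInstall)
if ($installs.Count -eq 0) {
    'No Zoom desktop client found on this host.'
}
foreach ($inst in $installs) {
    $r = Test-ZoomVersion $inst.RawVer
    $status = if ($r.NeedsUpdate) { 'UPDATE REQUIRED (< 5.17.7)' } else { 'patched' }
    '{0,-28} {1,-12} {2}  [{3}]' -f $inst.Name, $r.Version, $status, $inst.Source
}
```

Run it from an elevated PowerShell session so the HKLM hives are readable; for fleet-wide use, the same logic can be pushed through your endpoint management tool and the "UPDATE REQUIRED" lines collected as the list of hosts still exposed.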
