Zoom released a new security update for the Windows platform on 13 February 2024. The security update patches a CRITICAL vulnerability.
Salient points
- Zoom released a security bulletin on 13 February 2024.
- The security bulletin addresses a CRITICAL security vulnerability (CVE-2024-24691) that could cause an ‘Escalation of Privileges’ through Zoom client software.
- The vulnerability has a CVSS score of 9.6 and requires immediate patching.
- Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
- Upgrading to the latest Zoom version will resolve the security vulnerability.
Zoom – Affected versions
CVE-2024-24691 is a CVSS 9.6 CRITICAL vulnerability. The CRITICAL EoP (Escalation of Privileges) vulnerability affects the following Zoom client versions:
- Zoom Desktop Client for Windows before version 5.16.5
- Zoom VDI Client for Windows before version 5.16.10, excluding 5.14.14 and 5.15.12
- Zoom Rooms Client for Windows before version 5.17.0
- Zoom Meeting SDK for Windows before version 5.16.5
Remediation of CVE-2024-24691
The Zoom Client Escalation of Privileges vulnerability can be resolved by upgrading the Zoom client software to the following versions:
- Upgrade Zoom Desktop Client for Windows to version 5.17.7 (38159)
- Upgrade Zoom VDI Client for Windows (versions before 5.16.10, excluding 5.14.14 and 5.15.12) to Zoom VDI Client version 5.17.5.
- Upgrade Zoom Rooms Client for Windows to version 5.17.6 (3670)
- Upgrade Zoom Meeting SDK for Windows (versions before 5.16.5) to version 5.17.6.
You can download the security patches for the corresponding client software from Zoom’s download center.
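An added example (not from Zoom or the original article): a Python check that flags software-inventory rows falling in the affected ranges listed above. The inventory rows, host names and function names are constructed for illustration, and treating the two excluded VDI versions as not affected is this example's reading of the list.

```python
import re

# Thresholds and exclusions copied from the "Affected versions" list above.
# Assumption: the excluded VDI versions are treated as not affected.
AFFECTED_BEFORE = {
    "Zoom Desktop Client for Windows": ((5, 16, 5), set()),
    "Zoom VDI Client for Windows": ((5, 16, 10), {(5, 14, 14), (5, 15, 12)}),
    "Zoom Rooms Client for Windows": ((5, 17, 0), set()),
    "Zoom Meeting SDK for Windows": ((5, 16, 5), set()),
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '5.17.7 (38159)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Integers, not strings: '5.9.7' must sort below '5.16.5'.
    return tuple(int(p) for p in m.groups())

def is_affected(product, version_text):
    """True if the version is in the affected range listed for the product."""
    if product not in AFFECTED_BEFORE:
        raise KeyError(f"product not covered by this bulletin: {product}")
    threshold, excluded = AFFECTED_BEFORE[product]
    version = parse_version(version_text)
    return version < threshold and version not in excluded

def triage(inventory):
    """Return the (host, product, version) rows that still need the upgrade."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE_INVENTORY = [
    ("WS-001", "Zoom Desktop Client for Windows", "5.16.2 (22807)"),
    ("WS-002", "Zoom Desktop Client for Windows", "5.17.7 (38159)"),
    ("WS-003", "Zoom Desktop Client for Windows", "5.9.7"),
    ("VDI-01", "Zoom VDI Client for Windows", "5.15.12"),
    ("VDI-02", "Zoom VDI Client for Windows", "5.16.0"),
    ("ROOM-1", "Zoom Rooms Client for Windows", "5.16.10"),
    ("DEV-07", "Zoom Meeting SDK for Windows", "5.16.5"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in the affected range")
```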
How to update Zoom for Windows?
You can download the latest version of Zoom client for Windows from Zoom’s download center.
- Clicking download from the link at https://zoom.us.
- Directly from one of the following links:
Alternatively, you can initiate a manual upgrade through the Zoom client software.
Zoom provides a pop-up notification when there is a new mandatory or optional update within 24 hours of logging in.
If you already have the Zoom desktop client installed, check for updates:
- Sign in to the Zoom desktop client.
- Click your profile picture, then click Check for Updates.
If there is a newer version, Zoom will download and install it.
If the desktop client was installed with the MSI installer by you or your IT team, AutoUpdate is disabled by default and the Check for Updates button is also removed. Please contact your IT team or Zoom account admin for help with updating.
How to check the current version of Zoom for Windows?
You can easily find the Zoom desktop client version on Windows using the following detailed instructions:
- Open and sign in to the Zoom desktop client.
- Click your profile picture to view client options.
- Click Help, and then select About Zoom.
You will see the currently installed version of the Zoom desktop client.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.