Zoom Critical Vulnerability for Windows – Feb 2024

This content has been archived, but it remains accurate and relevant to the underlying technology products and infrastructure services.

Zoom released a security update on 13 February 2024 for the Windows platform. The update patches a CRITICAL vulnerability.

  • Zoom released a security bulletin on 13 February 2024.
  • The security bulletin addresses a CRITICAL security vulnerability (CVE-2024-24691) that could cause an ‘Escalation of Privileges’ through Zoom client software.
  • The vulnerability has a CVSS score of 9.6 and requires immediate patching.
  • Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
  • Upgrading to the latest Zoom version resolves the vulnerability.

CVE-2024-24691 is a CRITICAL vulnerability with a CVSS score of 9.6. This EoP (Escalation of Privileges) vulnerability affects the following Zoom client versions:

  • Zoom Desktop Client for Windows before version 5.16.5
  • Zoom VDI Client for Windows before version 5.16.10, excluding 5.14.14 and 5.15.12
  • Zoom Rooms Client for Windows before version 5.17.0
  • Zoom Meeting SDK for Windows before version 5.16.5

The Zoom client Escalation of Privileges vulnerability is resolved by upgrading the client software to the following versions:

  • Upgrade Zoom Desktop Client for Windows to version 5.17.7 (38159)
  • Upgrade Zoom VDI Client for Windows (affected releases before 5.16.10, excluding 5.14.14 and 5.15.12) to version 5.17.5
  • Upgrade Zoom Rooms Client for Windows to version 5.17.6 (3670)
  • Upgrade Zoom Meeting SDK for Windows (affected releases before 5.16.5) to version 5.17.6

You can download the patched version of each client from Zoom's download center.

Alternatively, you could initiate a manual upgrade through the Zoom client software.

Zoom shows a pop-up notification for a new mandatory or optional update within 24 hours of logging in.

If you already have the Zoom desktop client installed, check for updates:

  1. Sign in to Zoom desktop client.
  2. Click your profile picture, then click Check for Updates.

If there is a newer version, Zoom will download and install it.

If the desktop client was installed with the MSI installer by you or your IT team, AutoUpdate is disabled by default and the Check for Updates button is also removed. Contact your IT team or Zoom account admin for help with updating.

You can find the installed Zoom desktop client version on Windows as follows:

  1. Open and sign in to the Zoom desktop client.
  2. Click your profile picture to view the client options.
  3. Click Help, and then select About Zoom. The currently installed version of the Zoom desktop client is shown.
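On MSI-deployed hosts the Check for Updates button is gone, so an administrator usually wants to inventory installed versions centrally instead. The following PowerShell script is an added example, not code from the article or from Zoom: it reads the Windows Uninstall registry entries and flags any Zoom client older than the affected-version thresholds quoted above. The DisplayName patterns used to recognise each product are assumptions and should be adjusted to what your environment reports.

```powershell
# Added example (not from the Zoom bulletin or the article): inventory Zoom installs
# on a Windows host and flag versions below the affected-version thresholds above.
# Assumption: Zoom registers under the standard Uninstall keys and the DisplayName
# patterns below match your installs (adjust them for your environment).

# Affected-version rules taken from the bulletin text; 'Exclude' lists the VDI
# releases the bulletin calls out as already fixed.
$rules = @(
    @{ Product = 'VDI Client';     Pattern = 'Zoom.*VDI';         FixedBefore = [version]'5.16.10'; Exclude = @([version]'5.14.14', [version]'5.15.12') },
    @{ Product = 'Rooms Client';   Pattern = 'Zoom Rooms';        FixedBefore = [version]'5.17.0';  Exclude = @() },
    @{ Product = 'Meeting SDK';    Pattern = 'Zoom.*Meeting SDK'; FixedBefore = [version]'5.16.5';  Exclude = @() },
    @{ Product = 'Desktop Client'; Pattern = '^Zoom$';            FixedBefore = [version]'5.16.5';  Exclude = @() }
)

# Machine-wide (64- and 32-bit views) and per-user entries; a non-admin Zoom
# install lands under HKCU, so it must be checked too.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-ZoomVulnerable {
    param([string]$DisplayName, [string]$DisplayVersion)
    # Accept "5.16.2 (22807)" style strings: keep only the dotted numeric prefix.
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') { return $null }
    $v = [version]$Matches[1]
    foreach ($r in $rules) {
        if ($DisplayName -match $r.Pattern) {
            # Vulnerable when below the threshold and not one of the excluded fixed builds.
            $vulnerable = ($v -lt $r.FixedBefore) -and ($r.Exclude -notcontains $v)
            return [pscustomobject]@{ Product = $r.Product; Name = $DisplayName; Version = $v; Vulnerable = $vulnerable }
        }
    }
    return $null
}

$findings = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Zoom*' -and $_.DisplayVersion } |
    ForEach-Object { Test-ZoomVulnerable -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion } |
    Where-Object { $_ }

$findings | Format-Table -AutoSize
# Non-zero exit lets a fleet tool (Intune, SCCM, RMM) treat the host as non-compliant.
if ($findings | Where-Object { $_.Vulnerable }) { exit 1 }
```

Run it under the endpoint-management tool you already use for MSI deployments, and treat any row with Vulnerable = True as a host that still needs the updated client.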


Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about cyber-security events and stories, cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.