Security Advisory – Critical Vulnerability in Zoom Windows Applications

Zoom has disclosed a critical vulnerability, CVE-2024-24691, affecting its Desktop Client, VDI Client, and Meeting SDK for Windows. The flaw, rated CVSS 9.6, arises from improper input validation and could enable an unauthenticated user to escalate privileges via network access. The affected versions are Desktop Client before 5.16.5, VDI Client before 5.16.10 (excluding certain versions), Meeting SDK before 5.16.5, and Rooms Client before 5.17.0; users are urged to update to the latest versions to mitigate the risk. The issue was discovered by Zoom’s Offensive Security team.

For more details, visit the Zoom Security Bulletin.
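
A version triage for the affected ranges listed above, as an added example that is not from Zoom or the original advisory. The inventory format, host names and build suffixes are constructed, and VDI installs below the threshold are marked for manual review because the excluded versions are not listed here.

```python
import re

# Versions below these are affected, per the list in the advisory text.
FIXED = {
    "desktop client": (5, 16, 5),
    "vdi client": (5, 16, 10),
    "meeting sdk": (5, 16, 5),
    "rooms client": (5, 17, 0),
}

def parse_version(text):
    """Return (major, minor, patch) or None; a build suffix like '(1234)' is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def triage(product, version):
    key = product.strip().lower()
    if key not in FIXED:
        return "not-listed"
    parsed = parse_version(version)
    if parsed is None:
        return "review"  # never guess on a version we cannot read
    # Tuple comparison is numeric, so 5.9.7 sorts below 5.16.5 (string compare would not).
    if parsed >= FIXED[key]:
        return "patched"
    # The advisory excludes some VDI versions without listing them: check the bulletin.
    return "review" if key == "vdi client" else "vulnerable"

def triage_inventory(text):
    """Triage 'host,product,version' lines; blank lines and '#' comments are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        rows.append((host, product, version, triage(product, version)))
    return rows

# Constructed sample inventory (hosts, format and build suffixes are made up).
SAMPLE = """# host,product,version
ws-014,Desktop Client,5.9.7 (1111)
ws-022,Desktop Client,5.16.5 (2222)
vdi-03,VDI Client,5.16.0
room-1,Rooms Client,5.16.10 (3333)
"""

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print(*row, sep="\t")
```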