Security Advisory – Data Authenticity Vulnerability in Zoom Workplace VDI App for Windows

Zoom has disclosed a medium-severity vulnerability, CVE-2024-27244, in its Zoom Workplace VDI App for Windows, with a CVSS score of 6.7. The vulnerability arises from insufficient verification of data authenticity in the app’s installer. This flaw could allow an authenticated user with local access to escalate privileges.

All versions of the Zoom Workplace VDI App for Windows before 5.17.10 are affected, except for the 5.15.x series. Users of affected versions are advised to update to the latest version to mitigate the risk associated with this vulnerability.

Zoom identified this issue through a report from an anonymous researcher and has taken steps to address the vulnerability in recent updates, which are available from Zoom’s official download page.

For more detailed information and updates, users should refer to the official Zoom security bulletin.

Source: Zoom Security Bulletin