Zoom stomps critical privilege escalation bug plus 6 other flaws

February 15, 2024 at 10:37AM

Zoom has disclosed security vulnerabilities, including a critical privilege escalation flaw (CVE-2024-24691). It affects Windows versions of Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDKs. Other vulnerabilities were also patched, with impacts ranging from denial of service to information disclosure. Users are urged to update to the latest version.

The key takeaways are:

– Zoom has disclosed a critical privilege escalation flaw, tracked as CVE-2024-24691 with a CVSS score of 9.6, which may enable privilege escalation for unauthenticated users via network access.
– The affected products include the Windows versions of the Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDK, with specific version numbers mentioned for each.
– Other vulnerabilities with medium and high severity were also addressed in the round of updates, each with its own CVE identifier and impact on different Zoom clients and functionality.
– Users are strongly advised to patch to the latest versions to address these security vulnerabilities.
