Full Report
Zoom security advisory (AV26-707)
Analysis Summary
# Vulnerability: Multiple Flaws in Zoom Clients and SDKs for Windows
## CVE Details
*Note: The specific CVE identifiers and standard CVSS scores are referenced via the underlying Zoom Security Bulletins (ZSB-26011 through ZSB-26014). Based on the advisory descriptions:*
- **CVE ID:** Not explicitly listed in summary; referenced as ZSB-26011, ZSB-26012, ZSB-26013, ZSB-26014
- **CVSS Score:** Varies by component (typically High to Medium for these classes of flaws)
- **CWE:**
- CWE-20 (Improper Input Validation)
- CWE-269 (Improper Privilege Management)
- CWE-362 (Race Condition)
## Affected Systems
- **Products:**
- Zoom Workplace (Desktop and VDI)
- Zoom Rooms
- Zoom Meeting SDK
- Remote Control for Zoom Contact Center
- **Versions:**
- Remote Control for Zoom Contact Center (Windows): Prior to 7.0.0
- Zoom Meeting SDK (Windows): Prior to 6.6.11
- Zoom Rooms (Windows): Prior to 7.1.0
- Zoom Workplace (Windows): Prior to 7.0.5
- Zoom Workplace VDI Client (Windows): Prior to 7.0.10, 6.5.18, 6.6.15, 6.5.17, and 6.6.14
- **Configurations:** Windows-based installations of Zoom client software and plugins.
## Vulnerability Description
This advisory covers multiple vulnerability classes across the Zoom eco-system for Windows:
1. **Improper Input Validation:** Found in Zoom Workplace and VDI Plugins, potentially allowing for code execution or security bypass via malformed data.
2. **Improper Privilege Management:** Affects Zoom Rooms for Windows; could allow a local user to gain elevated permissions on the host system.
3. **Race Condition:** Identified in various Zoom Clients for Windows, which could lead to unpredictable behavior or local privilege escalation during software operations or updates.
## Exploitation
- **Status:** Not reported as exploited in the wild at the time of advisory.
- **Complexity:** Medium (Race conditions and privilege management flaws often require specific timing or local access).
- **Attack Vector:** Local and Network (Input validation flaws may be triggered remotely; privilege management and race conditions usually require local access).
## Impact
- **Confidentiality:** High (Potential for data exposure or unauthorized access).
- **Integrity:** High (Potential for unauthorized modification of system files or settings).
- **Availability:** Medium (Potential for application crashes).
## Remediation
### Patches
Users and administrators should update to the following versions or later:
- **Zoom Workplace for Windows:** 7.0.5
- **Zoom Rooms for Windows:** 7.1.0
- **Zoom Meeting SDK for Windows:** 6.6.11
- **Remote Control for Zoom Contact Center:** 7.0.0
- **Zoom Workplace VDI Client:** 7.0.10, 6.5.18, or 6.6.15 (depending on the specific branch in use).
### Workarounds
- No specific software workarounds provided; immediate patching is the primary recommendation.
- Ensure non-administrative users do not have unnecessary write access to Zoom installation directories to mitigate race condition risks.
## Detection
- **Indicators of Compromise:** Unusual subprocesses spawning from Zoom.exe or ZoomRooms.exe with elevated privileges.
- **Detection methods:** Audit version numbers of installed Zoom software across the enterprise using MDM or endpoint management tools.
## References
- Zoom Workplace for Windows - Improper Input Validation: hxxps[://]www[.]zoom[.]com/en/trust/security-bulletin/zsb-26014/
- Zoom Rooms for Windows - Improper Privilege Management: hxxps[://]www[.]zoom[.]com/en/trust/security-bulletin/zsb-26011/
- Zoom Workplace VDI Plugin - Improper Input Validation: hxxps[://]www[.]zoom[.]com/en/trust/security-bulletin/zsb-26013/
- Zoom Clients for Windows - Race Condition: hxxps[://]www[.]zoom[.]com/en/trust/security-bulletin/zsb-26012/
- Zoom Security Bulletins Portal: hxxps[://]www[.]zoom[.]com/en/trust/security-bulletin/