Zoom Addresses Critical Windows Client Vulnerability

Zoom has recently patched a critical security vulnerability in its Windows Desktop Client, identified as CVE-2024-24691. This flaw, stemming from improper input validation, could allow unauthenticated attackers to escalate privileges via network access. The vulnerability affects several Zoom applications, including the Desktop Client, VDI Client, Meeting SDK, and Zoom Rooms Client for Windows.

The issue was discovered by Zoom’s internal security team and has been assigned a CVSS v3.1 score of 9.6, indicating its severity. Exploitation of this vulnerability requires some user interaction and could lead to significant security breaches if left unaddressed.

Affected Versions and Mitigation

The following versions are impacted by CVE-2024-24691:

  • Zoom Desktop Client for Windows versions prior to 5.16.5
  • Zoom VDI Client for Windows versions prior to 5.16.10 (excluding 5.14.14 and 5.15.12)
  • Zoom Rooms Client for Windows versions prior to 5.17.0
  • Zoom Meeting SDK for Windows versions prior to 5.16.5

Users are strongly advised to update their Zoom applications to the latest versions to mitigate the risk associated with this vulnerability. The updated versions are available for download on Zoom’s official website.

Broader Context

This is not the first time Zoom has addressed critical security issues in its Windows applications. In August 2025, the company patched a similar privilege escalation flaw that could have allowed attackers to gain elevated privileges over the network. The vulnerability was due to the application not always using explicit full paths when loading dynamic libraries, relying instead on Windows’ default search order. This oversight could have enabled attackers to place malicious DLLs in specific locations, leading to unauthorized code execution.

Additionally, in February 2024, Zoom fixed another critical vulnerability (CVE-2024-24691) in its Windows software. This flaw, also related to improper input validation, could have been exploited by attackers with network access to escalate privileges. The company released security updates to address this and other vulnerabilities, emphasizing the importance of keeping software up to date to maintain security.

These recurring vulnerabilities highlight the ongoing challenges in securing widely used communication platforms like Zoom. As remote work and virtual meetings continue to be integral to modern workflows, ensuring the security of these platforms is paramount. Users and organizations must remain vigilant, promptly applying security updates and following best practices to safeguard their systems against potential threats.

In conclusion, while Zoom’s swift response to these vulnerabilities is commendable, the frequency of such issues underscores the need for continuous improvement in software development and security practices. Users should prioritize regular updates and stay informed about potential risks to maintain a secure digital environment.