Open Nav
Sign Up

Critical Privilege Elevation Flaw Patched in Zoom Windows Applications (CVE-2024-24691)

Bar Refael

February 15, 2024

Zoom has released a security update to address a critical vulnerability (CVE-2024-24691) in its Windows applications, including the Zoom Desktop Client, VDI Client, Meeting SDK, and Zoom Rooms Client. This flaw, discovered by Zoom’s offensive security team, has a CVSS v3.1 score of 9.6 and could allow an unauthenticated attacker to escalate privileges over the network. The vulnerability is due to improper input validation and requires some user interaction for exploitation. Users are urged to update their Zoom applications to the latest versions to mitigate the risk of attack.

Vulnerability Details:

  • CVE ID: CVE-2024-24691
  • Severity: Critical (CVSS v3.1 Score: 9.6)
  • Impact: Privilege Escalation
  • Affected Versions:
    • Zoom Desktop Client for Windows before version 5.16.5
    • Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
    • Zoom Rooms Client for Windows before version 5.17.0
    • Zoom Meeting SDK for Windows before version 5.16.5

Mitigation and Recommendations:

  • Immediate Action: Users should update their Zoom applications to the latest versions to patch the vulnerability. The latest release for the desktop client is version 5.17.7.
  • Manual Update: If automatic updates are not enabled, users can manually download and install the latest version from the Zoom website.
  • Stay Informed: Users should stay informed about any future security updates or advisories from Zoom.

Additional Vulnerabilities Addressed:

The latest Zoom release also addresses six other vulnerabilities, including issues related to privilege escalation, information disclosure, and denial of service. Users should apply the security update to protect against these additional vulnerabilities.

Conclusion:

Zoom users are advised to apply the security update as soon as possible to protect against the critical privilege elevation flaw and other vulnerabilities. Staying updated and vigilant is crucial for maintaining the security of Zoom meetings and protecting sensitive data.

Stay safe and secured,

OP Innovate’s Research team.

Resources highlights

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed

Fortinet FortiSandbox Under Active Attack (CVE-2026-39813 & Others)

Threat actors are actively exploiting multiple critical vulnerabilities affecting Fortinet FortiSandbox. The reported activity involves three unauthenticated vulnerabilities: CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. These flaws are…

Read more >

cve-2026-39813

Critical Wazuh Manager Vulnerability Enables Alert Tampering and Security Evidence Deletion

A critical vulnerability has been disclosed in Wazuh Manager that could allow attackers to tamper with security data, delete alerts, and manipulate forensic evidence stored…

Read more >

wazuh manager vulnerability
Under Cyber Attack?

Fill out the form and we will contact you immediately.