Multiple vulnerabilities in Zoom products for Windows, including the Meeting SDK, Rooms, Workplace, and VDI Client, allow a remote attacker to achieve privilege escalation. Affected specific versions include Zoom Meeting SDK for Windows before 6.6.11 in the 6.6.x branch, Zoom Rooms for Windows before 6.6.0 and before 6.6.5, Zoom Workplace for Windows before 6.6.0 and before 6.6.11 in the 6.6.x branch, and Zoom Workplace VDI Client for Windows before versions 6.4.15, 6.4.17, 6.5.13, 6.5.15, and 6.6.10 in their respective branches. The vendor has provided specific fixes via multiple security bulletins (ZSB-26002 through ZSB-26005), which must be applied.
Multiple vulnerabilities were identified in Zoom Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege on the targeted system. Impact Elevation of Privilege System / Technologies affected Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch Zoom Rooms for Windows before version 6.6.0 Zoom Rooms for Windows before version 6.6.5 Zoom Workplace for Windows before version 6.6.0 Zoom Workplace for Windows before version 6.6.11 in the 6.6.x branch Zoom Workplace VDI Client for Windows version 6.6.10 specifically (VDI branches below 6.6.x are not affected) Zoom Workplace VDI Client for Windows before versions 6.4.15, 6.4.17, 6.5.13, 6.5.15, and 6.6.10 in their respective branch Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://www.zoom.com/en/trust/security-bulletin/zsb-26002/ https://www.zoom.com/en/trust/security-bulletin/zsb-26003/ https://www.zoom.com/en/trust/security-bulletin/zsb-26004/ https://www.zoom.com/en/trust/security-bulletin/zsb-26005/