{"id":8794,"date":"2026-07-16T17:30:44","date_gmt":"2026-07-16T17:30:44","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8794"},"modified":"2026-07-16T17:30:44","modified_gmt":"2026-07-16T17:30:44","slug":"zoom-patches-account-takeover-hole","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8794","title":{"rendered":"Zoom patches account takeover hole"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p class=\"wp-block-paragraph\">Zoom has identified, and patched, a critical security hole that \u201cmay allow an unauthenticated user to conduct an account takeover via network access.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The issue is especially significant given Zoom\u2019s extensive reach; it <a href=\"https:\/\/www.demandsage.com\/zoom-statistics\/\" target=\"_blank\" rel=\"noopener\">reportedly<\/a> has more than 300 million daily active users, including 470,000 paying business customers.\u00a0Given that reach, Zoom has been impacted by <a href=\"https:\/\/www.csoonline.com\/article\/4136834\/fake-zoom-meeting-silently-installs-surveillance-software-says-malwarebytes.html\" target=\"_blank\" rel=\"noopener\">many other security incidents<\/a> and France recently <a href=\"https:\/\/www.computerworld.com\/article\/4122979\/french-authorities-ban-teams-and-zoom.html\" target=\"_blank\" rel=\"noopener\">tried banning its use by French government users<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/\" target=\"_blank\" rel=\"noopener\">\u00a0Zoom security bulletins<\/a> released Tuesday revealed the bug, and three other security issues, which Zoom patched on Wednesday.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The company originally said that the takeover issue impacted Zoom Desktop Client for Windows before version 7.0.0, Zoom VDI Client for Windows before version 7.0.10 and 6.6.15 and 6.5.18 in their respective branches, and Zoom Meeting SDK for Windows, but on Wednesday, without explanation, it removed Meeting SDK for Windows as an affected product.<\/p>\n<p class=\"wp-block-paragraph\">The other three holes were less severe, but still significant, and they all involved privilege escalation. They impacted Zoom Workplace for Windows before version 7.0.5, Zoom Workplace VDI Client for Windows before 6.5.17 and 6.6.14 in their respective branches, Zoom Workplace VDI plugin for Windows before 6.5.17 and 6.6.14 in their respective branches, Zoom Rooms for Windows before 7.0.5 and Remote Control for Zoom Contact Center for Windows before version 7.0.0. <\/p>\n<p class=\"wp-block-paragraph\">A second privilege escalation issue impacted Zoom Rooms for Windows before version 7.1.0, and another impacted Zoom Workplace VDI Plugin for Windows before version 6.6.14.<\/p>\n<p class=\"wp-block-paragraph\">Zoom did not immediately reply to a request for comment.<\/p>\n<h2 class=\"wp-block-heading\">\u2018As bad as it gets\u2019<\/h2>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/my.idc.com\/getdoc.jsp?containerId=PRF004767\" target=\"_blank\" rel=\"noopener\">Frank Dickson<\/a>, group VP for security at IDC, said the nature of the reported hole is alarming.<\/p>\n<p class=\"wp-block-paragraph\">This bug \u201cis about as bad as it gets, short of a worm. It is exploitable over the network, low complexity, zero privileges required, no user interaction needed,\u201d he said, pointing out that exploitation is easy once technical details leak or someone reverse-engineers the patch, which is not as challenging as it once was, thanks to AI. \u201cYesterday\u2019s script kiddies have been empowered,\u201d he said.<\/p>\n<p class=\"wp-block-paragraph\">Dickson said the only good news is that Zoom discovered the hole itself, and that \u201cno in-the-wild exploitation has been reported by any outlet as of Thursday.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Consultant <a href=\"https:\/\/formergov.com\/directory\/brianlevine\" target=\"_blank\" rel=\"noopener\">Brian Levine<\/a>, executive director of FormerGov, agreed with Dickson\u2019s characterization of the hole, but said a potentially bigger issue is the high level of sensitive data that Zoom accesses.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cAn attacker with unfettered access to a Zoom account may be able to listen to recordings of sensitive meetings, to eavesdrop on future meetings, and to impersonate the organization in an effort to social engineer its clients and partners.\u00a0Thus, given that ubiquity of Zoom in large enterprises, this vulnerability is pretty concerning,\u201d Levine said. <\/p>\n<p class=\"wp-block-paragraph\">He\u2019s encouraged, however, that Zoom found the flaw itself, which indicates its security team is \u201cactually doing the hard, unglamorous work of auditing its code.\u201d<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.linkedin.com\/in\/trottagiuseppe\/\" target=\"_blank\" rel=\"noopener\">Giuseppe Trotta<\/a>, principal security researcher at Malwarebytes, has a theory about what was behind the Zoom disclosure.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cBecause the vulnerability requires zero privileges and absolutely no user interaction, the remote network attack vector is highly suspected to involve the mishandling of deep links, such as custom URL schemes like <em>zoommtg:\/\/<\/em> or <em>zoomworkplace:\/\/<\/em>,\u201d he said. This led him to think that if the Zoom Workplace client for Windows fails to properly sanitize and validate incoming arguments passed via these special browser-to-desktop links, an unauthenticated attacker could craft a malicious string that could trick the desktop application into exposing or redirecting the user\u2019s active session tokens directly to an attacker-controlled server, achieving a seamless and completely silent account takeover.<\/p>\n<p class=\"wp-block-paragraph\">\u201cWatch out for Zoom links and invites if you are on Windows or VDI and haven\u2019t updated yet,\u201d he advised.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.linkedin.com\/in\/eclectiqus\/\" target=\"_blank\" rel=\"noopener\">Mike Wilkes<\/a>, enterprise CISO at Aikido Security, offered kudos to Zoom for discovering the critical flaw, but he wanted to know how such a severe bug got into its software initially.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis vulnerability raises questions about why the defect was not caught by design review, fuzzing, or pre-release abuse-case testing,\u201d Wilkes said. \u201cA historical defect in Zoom\u2019s product\/security relationship has been prioritizing ease of use over security risk.\u201d<\/p>\n<h2 class=\"wp-block-heading\">All four bugs important<\/h2>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/acceligence.com\/talent\/profiles\/justin-greis\/\" target=\"_blank\" rel=\"noopener\">Justin Greis<\/a>, CEO of consulting firm Acceligence, said that the two types of holes reported by Zoom, account takeover and escalation, are both important, but for different reasons.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe critical vulnerability is significant because it has the characteristics security teams worry about most,\u201d Greis said, but the privilege escalation holes \u201care certainly important to patch as they primarily increase the impact of an attack that has already begun. The critical vulnerability has the potential to be an initial entry point, which is why it deserves the most attention.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Greis also applauded Zoom\u2019s response, saying that it \u201creflects a reasonably mature security program.\u201d<\/p>\n<p class=\"wp-block-paragraph\">He pointed out that no complex software platform will eliminate vulnerabilities entirely. \u201cThe differentiator is whether vendors are continuously investing in offensive testing, finding weaknesses before attackers do, and moving quickly to develop and distribute fixes,\u201d he said.<\/p>\n<p class=\"wp-block-paragraph\"><em>This article originally appeared on <a href=\"https:\/\/www.computerworld.com\/article\/4197949\/zoom-patches-account-takeover-hole.html\" target=\"_blank\" rel=\"noopener\">Computerworld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Zoom has identified, and patched, a critical security hole that \u201cmay allow an unauthenticated user to conduct an account takeover via network access.\u201d The issue is especially significant given Zoom\u2019s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers.\u00a0Given that reach, Zoom has been impacted by many [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8795,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8794"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8794"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8794\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8795"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}