Many NFPs use Zoom for team meetings. A potentially major security flaw was recently reported on the website Security Affairs. While the article is quite technical, it appears that you may need to uninstall the current version and install the latest one to be up to date, although NFP Resource’s Windows desktop version updated to ver 5.16.10 automatically.

The article commences:

“Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software.

The popular video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges.

“Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.” reads the advisory.

The vulnerability impacts the following products:

  • Zoom Desktop Client for Windows before version 5.16.5
  • Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
  • Zoom Rooms Client for Windows before version 5.17.0
  • Zoom Meeting SDK for Windows before version 5.16.5

Read the full article here
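
A version check against the affected-products list quoted above, as an added example that is not from the article or from Zoom. The host names, build number and inventory rows are constructed, and the accepted version-string shapes are an assumption.

```python
import re

# Thresholds copied from the affected-products list quoted above:
# product -> (first unaffected version, versions below it that are excluded)
AFFECTED_BEFORE = {
    "Zoom Desktop Client for Windows": ((5, 16, 5), set()),
    "Zoom VDI Client for Windows": ((5, 16, 10), {(5, 14, 14), (5, 15, 12)}),
    "Zoom Rooms Client for Windows": ((5, 17, 0), set()),
    "Zoom Meeting SDK for Windows": ((5, 16, 5), set()),
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.16.10' or
    '5.16.10 (26186)'; build numbers after the third field are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(product, version_text):
    """Classify one install as 'affected', 'not affected' or 'unknown'."""
    rule = AFFECTED_BEFORE.get(product)
    if rule is None:
        return "unknown"          # product not in the quoted list
    fixed, excluded = rule
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"          # flag for manual review, do not assume safe
    if version in excluded:
        return "not affected"
    # Tuples compare numerically, so 5.9.x sorts below 5.16.x as it should.
    return "affected" if version < fixed else "not affected"

def audit(inventory):
    """inventory: iterable of (host, product, version) rows."""
    return [(host, product, ver, status(product, ver))
            for host, product, ver in inventory]

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("front-desk", "Zoom Desktop Client for Windows", "5.16.10 (26186)"),
    ("finance-01", "Zoom Desktop Client for Windows", "5.15.7"),
    ("vdi-pool-a", "Zoom VDI Client for Windows", "5.15.12"),
    ("vdi-pool-b", "Zoom VDI Client for Windows", "5.16.0"),
    ("boardroom", "Zoom Rooms Client for Windows", "5.16.10"),
    ("old-laptop", "Zoom Desktop Client for Windows", "n/a"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<11} {:<32} {:<16} {}".format(*row))
```

Rows that come back as "unknown" need a manual look rather than being counted as patched.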
