1.0 Introduction
Recently, Zoom released security updates to address two vulnerabilities in Zoom Rooms Client for Windows: Improper Access Control (CVE-2024-24693) and Race Condition (CVE-2024-24692).
2.0 Impact
Improper access control and race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
3.0 Affected Products
- Zoom Rooms Client for Windows before version 5.17.5.
4.0 Recommendations
Users and system administrators are encouraged to review the Zoom Security Bulletin and upgrade to the latest version.
Refer to the following URLs for more information:
- CVE-2024-24693: https://www.zoom.com/en/trust/security-bulletin/ZSB-24010/
- CVE-2024-24692: https://www.zoom.com/en/trust/security-bulletin/ZSB-24009/
Generally, CyberSecurity Malaysia advises users to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24×7 call incident reporting)
Business Hours: Mon – Fri 09:00 – 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References