Zoom Workplace and VDI Client for Windows Privilege Escalation Vulnerability
Vulnerability
A vulnerability allowing external control of file names or paths has been identified in the Mail feature of Zoom Workplace for Windows, prior to version 6.6.0. This issue may enable an unauthenticated user to escalate privileges through network access. Additionally, the Zoom Workplace VDI Client for Windows is affected by this vulnerability in versions prior to 6.4.17, 6.5.15, and 6.6.10, depending on the branch.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation.
Remediation
Users are advised to update to the latest version of Zoom Workplace for Windows. Instructions for downloading the update are available on the Zoom Download page. For users of the Zoom Workplace VDI Client for Windows, updates can be obtained through the appropriate channels for their version branch.
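An added example, not from Zoom or this advisory's author: a triage check that applies the version thresholds stated above to an inventory of installed clients. The product labels, host names and version strings are constructed for illustration, and the handling of VDI branches outside 6.4 to 6.6 is an assumption noted in the code.

```python
import re

# Thresholds as stated in the advisory text above.
WORKPLACE_FIXED = (6, 6, 0)
VDI_FIXED_BY_BRANCH = {(6, 4): (6, 4, 17), (6, 5): (6, 5, 15), (6, 6): (6, 6, 10)}

def parse_version(text):
    """Return (major, minor, patch) from a dotted version string.
    Extra components such as a build number are ignored; missing ones are 0."""
    nums = re.findall(r"\d+", text.split()[0]) if text.strip() else []
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(n) for n in nums[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version_text):
    """Classify one install as 'affected' or 'not_affected'.
    product is 'workplace' or 'vdi' (labels chosen for this example)."""
    v = parse_version(version_text)
    if product == "workplace":
        return "affected" if v < WORKPLACE_FIXED else "not_affected"
    if product == "vdi":
        fixed = VDI_FIXED_BY_BRANCH.get(v[:2])
        if fixed is not None:
            return "affected" if v < fixed else "not_affected"
        # Assumption: a branch older than the lowest listed one has no fixed
        # build and counts as affected; a newer branch is not "prior to" any fix.
        return "affected" if v[:2] < min(VDI_FIXED_BY_BRANCH) else "not_affected"
    raise ValueError(f"unknown product: {product!r}")

# Constructed inventory rows: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("ws-001", "workplace", "6.5.9"),
    ("ws-002", "workplace", "6.6.0"),
    ("vdi-01", "vdi", "6.4.16"),
    ("vdi-02", "vdi", "6.5.15"),
    ("vdi-03", "vdi", "6.6.9.1234"),
    ("vdi-04", "vdi", "6.3.10"),
]

def affected_hosts(inventory):
    """Hosts whose installed client still needs the update."""
    return [h for h, product, ver in inventory if status(product, ver) == "affected"]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host)
```

Comparing the VDI client per branch matters here: a 6.6.9 install is numerically newer than the 6.5.15 fix but still predates the fix for its own branch.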
