Serious Vulnerability in Zoom Products for Windows (Feb '24)
What has happened?
Zoom has reported a serious security vulnerability in their products running on Windows. The vulnerability may allow attackers to gain unauthorised access via devices that are not running on the latest version of Zoom software, and could potentially lead to system compromise and data loss/leakage.
Which versions of Zoom products are affected?
Product | Affected Versions |
Zoom Desktop Client for Windows | Earlier than 5.16.5 |
Zoom VDI Client for Windows | Earlier than 5.16.10 (excluding 5.14.14 and 5.15.12) |
Zoom Rooms Client for Windows | Earlier than 5.17.0 |
Zoom Meeting SDK for Windows | Earlier than 5.16.5 |
What do I need to do?
Check and ensure you have the latest version of Zoom software on your Windows device (Select Help > About Zoom). If not, please update it immediately to the latest version by following the instructions below:
- Within the Zoom app, click on your profile picture then click “Check for Updates”.
- Click on “Install” to continue with the installation.
- Zoom will relaunch automatically once the installation is completed.
Detailed instructions are available here.
For more information
Please refer to the official advisory from SingCERT and Zoom:
- https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-018
- https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/
Please contact NUS IT Care at 6516 2080 or ITCare@nus.edu.sg should you have any queries.
Let’s all work together to keep NUS secure, bIT by bIT.