Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Key Points:
- Zoom has released critical security updates addressing a severe vulnerability (CVE-2026-53412, CVSS score 9.8) in Zoom Workplace for Windows that could allow unauthenticated attackers to take over user accounts via network access.
- The flaw affects Zoom Workplace for Windows versions prior to 7.0.0 and Zoom Workplace VDI Client for Windows versions before 7.0.10, 6.6.15, and 6.5.18, requiring immediate patching by users.
- Additional high-severity vulnerabilities fixed include privilege escalation risks in Zoom Workplace VDI Plugin, Zoom Clients installation/uninstallation processes, and Zoom Rooms for Windows, with CVSS scores ranging from 7.0 to 7.8.
- The updates cover multiple Zoom products, including Zoom Workplace, Zoom Workplace VDI Client and plugin, Zoom Rooms for Windows, and Remote Control for Zoom Contact Center, all requiring users to update to the latest versions to mitigate risks.
- Currently, there is no evidence of these vulnerabilities being exploited in the wild, but users are strongly advised to apply the security patches promptly to protect their systems.