- 189/2022
- Critical
Zoom has released security updates to fix vulnerabilities across multiple products on Windows and macOS. The remote attacker could exploit these vulnerabilities to gain access, escalate privileges, and bypass security controls.
Sample of The Addressed Vulnerabilities:
- Zoom Client for Meetings and VDI Windows Meeting Clients code execution (CVE-2022-28755):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
- Local Privilege Escalation in the Zoom Rooms for Windows Client (CVE-2022- 28752):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
The Affected Products:
- Zoom On-Premise Meeting Connector Zone Controller (ZC)
- Zoom Rooms for Conference Room Windows
- Zoom Client for Meetings (macOS, and Windows)
- Zoom VDI Windows Meeting Clients
- Zoom On-Premise Meeting Connector MMR
Vulnerabilities
- CVE-2022-28753
- CVE-2022-28754
- CVE-2022-28755
- CVE-2022-28752
- CVE-2022-28750
- CVE-2022-28751
- CVE-2022-28756
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.