Please note that a new vulnerability has been discovered that affects the application “Zoom Meetings”. This vulnerability can be exploited by malicious actors to gain unauthorised access, compromise sensitive data, or disrupt normal operations.

Vulnerability Name: CVE-2023-39213
Severity: CRITICAL
CVSS: 9.6
Affected Products: Zoom Desktop Client for Windows before version 5.15.2; Zoom VDI Client before version 5.15.2

Improper neutralisation of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

For customers with an ONGC Managed Security Services (MSSA) agreement:

We want to assure you that our expert team is proactively working to manage and remediate this vulnerability on your behalf. Our security analysts are actively monitoring the situation, and we will take the necessary steps to protect your environment from any potential exploitation. Our security team will contact you if any further action is required from you.

For customers with an ONGC Managed Services (MSA) agreement:

Zoom Meetings will be automatically updated through ONGC’s management software during the next patch cycle, which occurs every 14 days. If you want to remediate the issue before the next patch cycle, then we highly recommend following the vendor’s remediation steps outlined below.

For companies without an ONGC Managed Security Services (MSSA) or Managed Services (MSA) agreement:

We highly recommend following the remediation steps outlined below to safeguard your systems and minimise any potential impact from this vulnerability.

Unsure if you have coverage? Check out our article on Managed Services vs Managed Security or contact our team to discuss available solutions.

Resolution:

Users can ensure this vulnerability is remediated by applying current updates from within the Zoom Meetings application or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

For more information regarding this vulnerability, please visit the Zoom Security Bulletins page.