CVE-2025-67460
Zoom · Zoom Multiple Products
A high-severity vulnerability has been identified in Zoom Rooms for Windows, which allows an attacker to bypass security checks and downgrade the software to an older, less secure version.
Executive summary
CVE-2025-67460 is a high-severity protection mechanism failure in Zoom Rooms for Windows. The update path does not enforce that a new package is at least as new as the installed one, so an attacker who can present an older, genuine Zoom Rooms installer can roll the software back to a release whose vulnerabilities have already been fixed. Successful exploitation re-introduces those flaws and could lead to compromise of the room system, unauthorized access to meetings, or lateral movement from the device into the corporate network. Organizations should apply the vendor-provided security update as soon as possible.
Vulnerability
This vulnerability is a Protection Mechanism Failure. The update process in the affected software does not properly validate the version of a new software package before installation: it accepts the package as a legitimate Zoom Rooms build without confirming that it is newer than the version already running. An attacker who can get a package onto the target system (for example through local access, or by tricking a user or an automated deployment process into running it) can therefore supply an older, genuine Zoom Rooms installer. Because the package is an authentic vendor build, checks that only verify authenticity pass, and the system fails to reject the downgrade, replacing the current, secure version with one containing known and exploitable vulnerabilities. No flaw in the older installer is needed; the missing control is a version floor (an anti-rollback check), which is why ordinary software-deployment tooling can be misused to carry out the downgrade.
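To make the missing control concrete, here is an added illustration (not Zoom's code; the function names, parameters and version strings are assumptions) of an update gate that only checks a package's authenticity, a gate that compares version strings and is still wrong, and a hardened gate that compares versions numerically and enforces a floor:

```python
"""Update-time version gating: the kind of check whose absence makes a downgrade
attack possible, shown failing and then hardened.  Added example for this
advisory, not Zoom's code; function and parameter names are assumptions."""
from __future__ import annotations

import re

_VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text: str) -> tuple[int, ...]:
    """'6.0.5.1234' -> (6, 0, 5, 1234).  Anything that is not dotted integers is
    rejected so a crafted version string cannot confuse the comparison."""
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def cmp_versions(a: str, b: str) -> int:
    """Numeric, component-wise comparison (-1, 0, 1); '6.0' and '6.0.0' are equal."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def accept_update_authenticity_only(installed: str, candidate: str, package_is_genuine: bool) -> bool:
    """The failing pattern: the updater asks only "is this a real vendor package?"
    and never "is it newer than what is running?", so any genuine old build passes."""
    return package_is_genuine


def accept_update_string_compare(installed: str, candidate: str, package_is_genuine: bool) -> bool:
    """Looks like version validation but is still broken: comparing the strings
    lexicographically ranks '5.9.0' above '5.10.0', so some downgrades are accepted."""
    return package_is_genuine and candidate >= installed


def accept_update_hardened(installed: str, candidate: str, package_is_genuine: bool,
                           minimum_allowed: str | None = None) -> bool:
    """Authenticity, then a numeric no-downgrade rule, then an optional floor so that
    a freshly imaged device cannot be talked into a release below the patched baseline."""
    if not package_is_genuine:
        return False
    if cmp_versions(candidate, installed) < 0:  # strictly older than what runs: refuse
        return False
    if minimum_allowed is not None and cmp_versions(candidate, minimum_allowed) < 0:
        return False
    return True  # same version (repair) or newer, and at or above the floor


if __name__ == "__main__":
    running, old_build = "6.0.5.1234", "5.17.5.2000"  # illustrative versions
    print("authenticity only accepts old build:", accept_update_authenticity_only(running, old_build, True))
    print("string compare accepts 5.10.0 -> 5.9.0:", accept_update_string_compare("5.10.0", "5.9.0", True))
    print("hardened accepts old build:", accept_update_hardened(running, old_build, True))
```

The floor argument is the piece most updaters forget: a no-downgrade rule alone protects a device that is already patched, but a device that was just re-imaged with an old base install will happily accept any package above that old base, so the minimum version from the advisory should be pinned as well.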
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.8. The primary business impact stems from the potential compromise of Zoom Rooms systems, which are often located in sensitive areas like executive boardrooms and conference rooms. Successful exploitation could lead to eavesdropping on confidential meetings, unauthorized access to sensitive information shared during sessions, or using the compromised device as a pivot point to attack the broader corporate network. This could result in data breaches, intellectual property theft, reputational damage, and loss of customer trust.
Remediation
Immediate Action: Apply vendor security updates immediately. All instances of Zoom Rooms for Windows should be updated to version 6.0 or later to remediate this vulnerability. After updating, confirm the installed version on each device (Programs and Features, or the installed-products registry keys) rather than relying on the deployment job's success status, and review system and application logs for unusual activity or unauthorized version changes that may have occurred prior to patching. A device found running a version older than the one last deployed to it should be treated as potentially compromised and rebuilt, not simply upgraded in place.
Proactive Monitoring: Monitor for unexpected software downgrade events in application and system logs. On Windows, the MsiInstaller events in the Application log record each product installation and removal together with the product version, so a removal of Zoom Rooms followed by an installation of a lower version on the same host is a direct indicator. Network monitoring should be configured to detect traffic from Zoom Rooms devices to unusual or non-Zoom domains, which could indicate a tampered update source. Endpoint Detection and Response (EDR) solutions should be used to monitor for suspicious processes, unexpected installer execution, or file modifications on the underlying Windows operating system.
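As an added example of the downgrade monitoring described above, not part of the original advisory, the following script reads Windows Installer install/remove records and flags a host where Zoom Rooms was installed at a lower version than previously seen on that host, as well as hosts whose latest installed version is below the 6.0 floor. The event records are constructed for the example; the message format is modelled on MsiInstaller events 1033 and 1034 and is an assumption, and the host names, times and versions are made up.

```python
"""Spot Zoom Rooms downgrades and hosts below the advisory's version floor from
Windows Installer event data.  Added example for this advisory, not Zoom's or
Microsoft's code; the records below are constructed."""
from __future__ import annotations

import re

# Floor taken from the advisory: Zoom Rooms for Windows 6.0 or later.
ADVISORY_FLOOR = {"Zoom Rooms": "6.0"}

# Constructed records modelled on MsiInstaller events 1033 (product installed) and
# 1034 (product removed) in the Windows Application log.  Hosts, times and versions
# are made up; the message wording is an assumption, so adjust MSI_RE to the text
# your log export actually produces.
SAMPLE_EVENTS = [
    {"time": "2025-11-03T09:12:41", "host": "ROOM-A", "event_id": 1033,
     "message": "Windows Installer installed the product. Product Name: Zoom Rooms. "
                "Product Version: 6.0.5.1234. Installation success or error status: 0."},
    {"time": "2025-11-03T09:14:02", "host": "ROOM-B", "event_id": 1033,
     "message": "Windows Installer installed the product. Product Name: Zoom Rooms. "
                "Product Version: 6.0.5.1234. Installation success or error status: 0."},
    {"time": "2025-11-07T22:41:10", "host": "ROOM-A", "event_id": 1034,
     "message": "Windows Installer removed the product. Product Name: Zoom Rooms. "
                "Product Version: 6.0.5.1234. Removal success or error status: 0."},
    {"time": "2025-11-07T22:43:55", "host": "ROOM-A", "event_id": 1033,
     "message": "Windows Installer installed the product. Product Name: Zoom Rooms. "
                "Product Version: 5.17.5.2000. Installation success or error status: 0."},
    {"time": "2025-11-08T08:00:17", "host": "ROOM-B", "event_id": 1033,
     "message": "Windows Installer installed the product. Product Name: Zoom Rooms. "
                "Product Version: 6.1.0.100. Installation success or error status: 0."},
    {"time": "2025-11-08T08:05:00", "host": "ROOM-A", "event_id": 1033,
     "message": "Windows Installer installed the product. Product Name: Example Signage Player. "
                "Product Version: 2.3. Installation success or error status: 0."},
]

MSI_RE = re.compile(r"Product Name: (?P<name>.+?)\. Product Version: (?P<version>\d+(?:\.\d+)*)\.")


def parse_version(text: str) -> tuple[int, ...]:
    return tuple(int(part) for part in text.split("."))


def cmp_versions(a: str, b: str) -> int:
    """Numeric, component-wise comparison (-1, 0, 1); '6.0' equals '6.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def parse_event(event: dict) -> tuple[str, str] | None:
    """Return (product name, version) for an install/remove record, else None."""
    if event["event_id"] not in (1033, 1034):
        return None
    match = MSI_RE.search(event["message"])
    return (match["name"], match["version"]) if match else None


def find_downgrades(events: list[dict]) -> list[dict]:
    """Alert when a product is installed at a version lower than the last version
    seen on that host.  Removals update the 'last seen' version but never alert,
    so remove-then-install and in-place downgrades are both caught."""
    last_seen: dict[tuple[str, str], str] = {}
    alerts = []
    for event in sorted(events, key=lambda e: e["time"]):
        parsed = parse_event(event)
        if parsed is None:
            continue
        name, version = parsed
        key = (event["host"], name)
        previous = last_seen.get(key)
        if event["event_id"] == 1033 and previous is not None and cmp_versions(version, previous) < 0:
            alerts.append({"time": event["time"], "host": event["host"],
                           "product": name, "from": previous, "to": version})
        last_seen[key] = version
    return alerts


def hosts_below_floor(events: list[dict], floors: dict[str, str]) -> dict[tuple[str, str], str]:
    """Replay installs/removals to get each host's current version and report those
    below the advisory floor for products that have one."""
    current: dict[tuple[str, str], str] = {}
    for event in sorted(events, key=lambda e: e["time"]):
        parsed = parse_event(event)
        if parsed is None:
            continue
        name, version = parsed
        key = (event["host"], name)
        if event["event_id"] == 1033:
            current[key] = version
        else:
            current.pop(key, None)
    return {key: ver for key, ver in current.items()
            if key[1] in floors and cmp_versions(ver, floors[key[1]]) < 0}


if __name__ == "__main__":
    for alert in find_downgrades(SAMPLE_EVENTS):
        print("DOWNGRADE", alert)
    for (host, product), version in hosts_below_floor(SAMPLE_EVENTS, ADVISORY_FLOOR).items():
        print(f"BELOW FLOOR {host}: {product} {version} < {ADVISORY_FLOOR[product]}")
```

To feed it real data, export the records with Get-WinEvent (filter on LogName 'Application', ProviderName 'MsiInstaller' and event IDs 1033 and 1034) and map the TimeCreated, MachineName, Id and Message fields onto the dictionary keys used above. The two functions deliberately answer different questions: find_downgrades catches the transition, which matters for incident response, while hosts_below_floor gives the current exposure list even when the downgrade event itself has already rolled out of the log.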
Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate Zoom Rooms devices on a separate VLAN with strict ingress and egress filtering. Restrict administrative access to the underlying Windows OS (local administrator accounts and remote management paths) and enforce application control (allowlisting) to prevent the execution of unauthorized or outdated installers. Note that an allowlist rule keyed only on the publisher's signature will still permit an older, genuinely signed Zoom Rooms installer; use rules that pin a minimum file version or specific file hashes so that only the approved release can run.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity (CVSS 7.8) of this vulnerability and the critical function of communication platforms within an enterprise, we strongly recommend that organizations prioritize patching all affected Zoom Rooms for Windows systems without delay. Exploitation requires getting an installer onto the device, so the most exposed deployments are rooms with shared physical access and environments whose software-deployment pipelines are loosely controlled. Although this vulnerability is not currently listed in the CISA KEV catalog, a downgrade bypass is attractive to attackers because it turns every previously patched Zoom Rooms vulnerability back into a usable one. Proactive patching remains the most effective strategy to prevent the compromise of these critical assets.