CVE-2026-30903

Zoom · Zoom Workplace for Windows

A path traversal vulnerability in the Mail feature of Zoom Workplace for Windows allows unauthenticated users to conduct an escalation of privilege via network access.

Executive summary

A critical privilege escalation vulnerability in Zoom Workplace for Windows allows unauthenticated attackers to gain elevated system permissions by exploiting a file path control flaw.

Vulnerability

The vulnerability involves "External Control of File Name or Path" within the Zoom Mail feature. An unauthenticated attacker with network access can exploit this flaw to manipulate file paths, potentially leading to the execution of malicious files or the overwriting of sensitive system components to escalate privileges.
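To make the weakness class concrete, the following added example (not Zoom code, and not derived from the vulnerable implementation) shows the general shape of an "External Control of File Name or Path" bug and its hardened form: an attachment name that arrives from a remote party is used to build a path under a local store. The base directory, the function names and the sample names are constructed for illustration; the advisory gives no detail of where the real flaw sits.

```python
import os
import posixpath
from typing import Optional

# Hypothetical attachment store; the real location in Zoom Mail is not known from the advisory.
ATTACHMENT_DIR = "/srv/mail_attachments"


def unsafe_attachment_path(base_dir: str, name: str) -> str:
    """Vulnerable pattern: the remote-supplied name goes straight into the join.

    Any '..' components in `name` walk out of `base_dir`, so a crafted
    attachment name controls where the file is written.
    """
    return os.path.normpath(os.path.join(base_dir, name))


def safe_attachment_path(base_dir: str, name: str) -> Optional[str]:
    """Hardened pattern: keep only the final path component and then verify
    the resolved result still lies inside `base_dir`. Returns None on rejection.
    """
    # Windows accepts both separators, so treat '\\' as a separator regardless of host OS.
    normalized = name.replace("\\", "/")
    leaf = posixpath.basename(normalized)
    # Empty names, '.', '..' and embedded NULs are never valid attachment names.
    if leaf in ("", ".", "..") or "\x00" in leaf:
        return None
    base_abs = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base_abs, leaf))
    # Belt and braces: even after basename(), confirm containment lexically.
    # On a live store, also resolve symlinks with os.path.realpath() on both sides.
    if not is_confined(base_abs, candidate):
        return None
    return candidate


def is_confined(base_dir: str, path: str) -> bool:
    """True if `path` is `base_dir` itself or a descendant of it (lexical check)."""
    base_abs = os.path.abspath(base_dir)
    path_abs = os.path.abspath(path)
    try:
        return os.path.commonpath([base_abs, path_abs]) == base_abs
    except ValueError:  # different drives on Windows, or mixed absolute/relative
        return False


if __name__ == "__main__":
    # Constructed sample attachment names as a remote sender might supply them.
    for sample in ("report.pdf", "../../etc/passwd", "..\\..\\Windows\\evil.dll", ".."):
        print(f"{sample!r:32} unsafe -> {unsafe_attachment_path(ATTACHMENT_DIR, sample)}")
        print(f"{'':32} safe   -> {safe_attachment_path(ATTACHMENT_DIR, sample)}")
```

The defensive property to test for in code review is the last one: whatever name is accepted, the final path must be checked for containment after resolution, not merely filtered for suspicious substrings.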

Business impact

A successful exploit could allow an attacker to gain administrative rights on a user's workstation, leading to data theft, malware installation, and persistent access to the corporate network. The CVSS score of 9.6 reflects the high risk of unauthorized privilege elevation on end-user devices.

Remediation

Immediate Action: Update Zoom Workplace for Windows to version 6.6.0 or later.

Proactive Monitoring: Use endpoint detection and response (EDR) tools to monitor for suspicious file system activity or unusual process spawning originating from the Zoom application.

Compensating Controls: Ensure that users do not have local administrative rights, which can limit the impact of privilege escalation vulnerabilities.
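As an added example for the update step (not Zoom tooling, and not part of this advisory), the following script triages a software inventory against the fixed version 6.6.0. The inventory records, their field names and the host names are constructed; in practice they would come from your endpoint management or EDR export. It also shows why version strings must be compared numerically: as plain strings, "6.10.0" sorts before "6.6.0" and would be wrongly flagged as patched.

```python
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = "6.6.0"          # from the advisory
PRODUCT_MATCH = "zoom workplace"  # assumed substring of the inventory's product field

# Constructed sample inventory export (hypothetical hosts and versions).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "ws-finance-01", "product": "Zoom Workplace", "version": "6.5.3"},
    {"host": "ws-finance-02", "product": "Zoom Workplace", "version": "6.6.0"},
    {"host": "ws-eng-07",     "product": "Zoom Workplace", "version": "6.10.1"},
    {"host": "ws-eng-08",     "product": "Zoom Workplace", "version": "6.6"},
    {"host": "ws-sales-03",   "product": "Zoom Workplace", "version": "n/a"},
    {"host": "ws-sales-04",   "product": "Microsoft Teams", "version": "1.7.0"},
]


def parse_version(text: str, width: int = 3) -> Optional[Tuple[int, ...]]:
    """Turn '6.6' / '6.6.0' / '6.6.0.12345' into a comparable integer tuple.

    Missing trailing components are padded with zeros so '6.6' == '6.6.0'.
    Returns None for strings that are not dotted integers.
    """
    try:
        parts = tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None
    if len(parts) < width:
        parts = parts + (0,) * (width - len(parts))
    return parts


def is_fixed(version_text: str) -> Optional[bool]:
    """True if the version is at or above the fixed release, None if unparseable."""
    installed = parse_version(version_text)
    if installed is None:
        return None
    return installed >= parse_version(FIXED_VERSION)


def triage(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Bucket hosts into 'update', 'ok' and 'unknown' for the affected product only."""
    result: Dict[str, List[str]] = {"update": [], "ok": [], "unknown": []}
    for rec in inventory:
        if PRODUCT_MATCH not in rec.get("product", "").lower():
            continue  # a different product; out of scope for this CVE
        status = is_fixed(rec.get("version", ""))
        if status is None:
            result["unknown"].append(rec["host"])   # needs a manual check
        elif status:
            result["ok"].append(rec["host"])
        else:
            result["update"].append(rec["host"])
    for bucket in result.values():
        bucket.sort()
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:8}: {', '.join(hosts) or '-'}")
```

Hosts that land in the "unknown" bucket should be treated as unpatched until verified; an inventory gap is not evidence of a current install.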

Exploitation status

Public Exploit Available: false

Analyst recommendation

Privilege escalation in widely deployed communication software is a critical threat. IT administrators must ensure that all Windows endpoints are running the latest version of Zoom Workplace to mitigate this risk and protect the organization's fleet of devices.