CVE-2026-53406

Zoom · Contact Center

Zoom Contact Center for Windows contains a vulnerability involving insufficient verification of data authenticity during remote control sessions.

Executive summary

Zoom Contact Center for Windows prior to version 7 contains a data authenticity vulnerability that could allow for unauthorized remote control actions.

Vulnerability

The application fails to perform sufficient verification of data authenticity during remote control operations. This could allow an attacker to bypass security checks and perform unauthorized actions within the remote control session.

Business impact

The CVSS score of 7.8 (High) reflects the severity of allowing unauthorized remote control of a workstation. This could lead to the theft of sensitive information, installation of malware, or complete administrative control over the affected system, resulting in severe reputational and operational damage.

Remediation

Immediate Action: Update the Zoom Contact Center for Windows client to version 7 or later.

Proactive Monitoring: Review audit logs for remote control sessions and for unauthorized administrative changes made to workstations.

Compensating Controls: Disable remote control features within the Zoom Contact Center application if they are not strictly required for business operations.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations using Zoom Contact Center must prioritize upgrading all Windows clients to version 7 or higher. This update is critical to closing the gap in remote control authenticity verification and protecting against potential system compromise.