Updated
Updated · Computerworld · Jul 16
Zoom Patches 4 Windows Flaws, Including Critical Account-Takeover Bug
Updated
Updated · Computerworld · Jul 16

Zoom Patches 4 Windows Flaws, Including Critical Account-Takeover Bug

3 articles · Updated · Computerworld · Jul 16

Summary

  • Tuesday bulletins detailed four Windows vulnerabilities that Zoom fixed Wednesday, led by a critical flaw that could let an unauthenticated attacker seize accounts over the network.
  • Versions before Zoom Desktop Client 7.0.0 and several Windows VDI releases were affected; Zoom initially listed Meeting SDK for Windows too, then removed it from the advisory without explanation.
  • Three additional bugs involved privilege escalation across Zoom Workplace, Zoom Rooms, VDI components and Remote Control for Zoom Contact Center, making follow-on attacks more damaging once access is gained.
  • Security experts called the takeover bug "about as bad as it gets" because it needs no user interaction or privileges, though no in-the-wild exploitation had been reported as of Thursday.
  • With more than 300 million daily active users and 470,000 paying business customers, the patch underscores the risk that compromised Zoom accounts could expose recordings, future meetings and trusted business identities.

Insights

How did Zoom's security miss a critical flaw so simple it required no user interaction to exploit?
With account takeovers possible in one click, is your most sensitive business conversation on Zoom truly private?

Critical Zoom Account Takeover Vulnerability (CVE-2026-53412) Rated 9.8: Immediate Patching Required to Prevent Exploitation

Overview

A critical security alert has been issued for Zoom products due to the CVE-2026-53412 vulnerability, which is rated 9.8 out of 10 on the CVSS scale. This flaw is especially dangerous because it is network-reachable and can be exploited without authentication, putting both individual users and organizations at immediate risk of account takeover. In response, Zoom released essential security patches on July 16, 2026, and urges all users to update their software promptly. Taking quick action is crucial to protect communications and data from potential attacks.

...