6/18 – Zoom Windows Client Vulnerability – Update Required
Technology Solutions recently became aware of four security bugs that affect Zoom meeting clients older than version 5.10.0. These bugs could allow bad actors to compromise another user's device.
- CVE-2022-22784 (CVSS score: 8.1) - Improper XML Parsing in Zoom Client for Meetings
- CVE-2022-22785 (CVSS score: 5.9) - Improperly constrained session cookies in Zoom Client for Meetings
- CVE-2022-22786 (CVSS score: 7.5) - Update package downgrade in Zoom Client for Meetings for Windows
- CVE-2022-22787 (CVSS score: 5.9) - Insufficient hostname validation during server switch in Zoom Client for Meetings
As a result of these bugs, starting Saturday, June 18 at 12:01 am CT, Technology Solutions will require individuals logging in to UIC Zoom to use Zoom client version 5.10.0 or newer on Android, iOS, Windows, macOS, and Linux.
What action steps do I need to take?
We recommend that you update your Zoom client as soon as possible by following the instructions below. If you do not update your client prior to June 18, you will be prompted to update as you attempt to join your next Zoom meeting on or after June 18.
If you are using the Zoom client on your Android or Apple mobile device, please visit the Google Play or App Store to ensure you have the latest version of the Zoom app installed.
- Zoom Support: Updating the Zoom desktop client
- What is the minimum required version of the Zoom client?
What if I have questions?
More information about these vulnerabilities can be found at the article links below:
If you have additional questions, please contact Technology Solutions at it.uic.edu/ask-a-question.