CVE-2022-22787: The Zoom Client for Meetings fails to validate the hostname before a server switch request.

The issue was announced in the March 2018 critical update advisory (link below) and was fixed in version 5.10.2.

Zoom recommends that all users upgrade to the latest version to ensure the safety of their meeting data. Prior to upgrading, make sure no meeting data is stored on the vulnerable system. If you are running a version prior to 5.10.0, we recommend you upgrade as soon as possible.

Zoom is a trusted and secure meeting platform. For more information about how to protect your data from technical hacks, or to learn about best practices for securing your network, visit the NCCIC website.

May 3, 2018 Zoom 5.10.2 Security Release

Zoom released a new update, 5.10.2, on May 3, 2018, that fixes a security issue. Prior to upgrading to this latest version, make sure no meeting data is stored on the vulnerable system. If you are running a version prior to 5.10.0, we recommend you upgrade as soon as possible.

Zoom Critical Update Advisory

Zoom released a new critical update that brings the Zoom client to v5.10.2, resolving a vulnerability that allowed for remote code execution (CVE-2022-22787). This vulnerability allows an attacker to potentially take control of your meeting data and system entirely. For more information about this vulnerability, visit our website here.

How to find the version of your Zoom Instance

To find the version of your Zoom instance, follow these steps:

1. On your desktop or laptop computer, open a web browser and go to zoom.zoomconference.com
2. In the upper-right corner of your screen, you will find an icon that looks like an envelope with a number in it (e.g.,

Timeline

Published on: 05/18/2022 17:15:00 UTC
Last modified on: 05/27/2022 15:19:00 UTC

References