Zoom < 5.16.5 — RCE
Improper input validation in the Zoom Desktop Client for Windows allows network-adjacent attackers to execute code. Update to Zoom 5.16.5 or later — Zoom auto-updates, but enterprise deployments may have auto-update disabled.
An attacker on the same network segment (e.g., corporate LAN or VPN) as the victim can exploit this during a Zoom session to execute code on the victim's machine. This is particularly concerning in corporate environments where all users share network access.
The Zoom Desktop Client for Windows has an improper input validation vulnerability that can be exploited by a network-adjacent attacker. This may allow the attacker to execute arbitrary code on the victim's system during a Zoom meeting or call.
Zoom's Security Bulletin ZSB-24008 disclosed CVE-2024-24691 in February 2024 with a critical CVSS score of 9.6. Enterprise environments with locked-down Zoom deployments or disabled auto-update may have remained vulnerable for extended periods. Zoom clients that auto-update were patched quickly, but managed deployments require manual intervention.
Manual remediation steps
⏱ 5 minutes (application restart only)
Check Zoom Version
# Check installed Zoom version (per-user install first, then per-machine MSI install):
$zoomPath = "$env:APPDATA\Zoom\bin\Zoom.exe"
if (-not (Test-Path $zoomPath)) {
    $zoomPath = "$env:ProgramFiles\Zoom\bin\Zoom.exe"
}
if (Test-Path $zoomPath) {
    $vi = (Get-Item $zoomPath).VersionInfo
    $vi.FileVersion
    # Compare numerically (a string compare would rank "5.9.x" above "5.16.5")
    $installed = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    if ($installed -lt [version]"5.16.5") { "VULNERABLE - update required" } else { "OK - 5.16.5 or later" }
}
# Vulnerable if older than 5.16.5
Update Zoom
# Option 1: From Zoom client
# Click profile picture > Check for Updates
# Option 2: Via winget
winget upgrade Zoom.Zoom
# Option 3: Download from https://zoom.us/download
Enterprise Deployment via GPO or SCCM
# Download the MSI installer from https://zoom.us/download#client_4meeting
# Deploy via SCCM Software Distribution or Intune as a Win32 app
# Or push via GPO Software Installation
Verify
# Re-check after updating (per-user install; use "$env:ProgramFiles\Zoom\bin\Zoom.exe" for a per-machine MSI deployment):
(Get-Item "$env:APPDATA\Zoom\bin\Zoom.exe").VersionInfo.FileVersion
# Must show 5.16.5 or later
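The checks above only look at the current user's profile, which misses per-user Zoom installs belonging to other accounts on a shared or multi-user machine. The following script is an added example, not part of the original entry: it inventories every Zoom.exe under each user profile and under both Program Files locations, compares the file version numerically against 5.16.5, and exits non-zero when any install is still vulnerable so it can double as a compliance check. The install paths are the standard Zoom locations assumed here; adjust them if your deployment relocates the client.

```powershell
# Added example (not from the original entry): inventory every Zoom.exe on this
# machine, per-user and per-machine, and flag any build older than 5.16.5.
# Assumes standard Zoom install paths; the 5.16.5 threshold comes from the entry above.
$Fixed = [version]"5.16.5"

# Per-user installs live under each profile's Roaming AppData; per-machine (MSI)
# installs live under Program Files. Wildcards cover every user on a shared host.
$candidates = @(
    "$env:SystemDrive\Users\*\AppData\Roaming\Zoom\bin\Zoom.exe"
    "$env:ProgramFiles\Zoom\bin\Zoom.exe"
    "${env:ProgramFiles(x86)}\Zoom\bin\Zoom.exe"
)

function Get-ZoomInstallStatus {
    # Missing paths are expected on most hosts, so suppress "not found" errors.
    foreach ($exe in Get-ChildItem -Path $candidates -ErrorAction SilentlyContinue) {
        $vi = $exe.VersionInfo
        # Build a System.Version from the numeric parts so the comparison is numeric,
        # not string-based ("5.9.0" would otherwise sort after "5.16.5").
        $installed = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        [pscustomobject]@{
            Path       = $exe.FullName
            Version    = $installed
            Vulnerable = ($installed -lt $Fixed)
        }
    }
}

$results = Get-ZoomInstallStatus
if (-not $results) {
    "No Zoom Desktop Client found."
} else {
    $results | Format-Table -AutoSize
    if ($results.Vulnerable -contains $true) {
        "At least one Zoom install is older than $Fixed - update required."
        # Non-zero exit lets an SCCM/Intune detection rule treat the host as non-compliant.
        exit 1
    }
}
```

Run it from an elevated prompt so every profile directory is readable; as an Intune or SCCM detection script, the non-zero exit code marks the device for remediation until all listed installs report 5.16.5 or later.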