Zoom: CVE-2022-22788: DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients
Description
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim’s host. Users can help keep themselves secure by removing older versions of the Zoom Opener installer and running the latest version of the Zoom Opener installer from the “Download Now" button on the "Launch Meeting" page. User’s can also protect themselves by downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Solution(s)
- zoom-zoom-upgrade-latest
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center