CVE-2023-28601

8.3 HIGH

📋 TL;DR

This vulnerability in Zoom for Windows allows a malicious user to manipulate protected memory buffers, potentially compromising the integrity of the Zoom client. It affects Windows users running Zoom versions before 5.14.0. Attackers could exploit this to cause crashes or potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Zoom Client for Windows
Versions: All versions prior to 5.14.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows clients; macOS, Linux, mobile, and web clients are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or lateral movement within the network.

🟠 Likely Case

Client crashes, denial of service, or limited memory corruption leading to unstable application behavior.

🟢 If Mitigated

Minimal impact if patched promptly; isolated client issues without system-wide compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to interact with the Zoom client process; no public exploit code available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.14.0 and later

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin/

Restart Required: Yes

Instructions:

1. Open Zoom client.
2. Click profile icon → Check for Updates.
3. Install update to version 5.14.0 or later.
4. Restart Zoom client.

🔧 Temporary Workarounds

Disable automatic updates temporarily

windows

Prevent vulnerable clients from updating automatically while planning patch deployment

Not applicable - configure via Zoom settings or group policy

🧯 If You Can't Patch

  • Restrict user permissions to prevent local exploitation
  • Monitor for unusual Zoom process behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in Settings → About. If version is below 5.14.0, system is vulnerable.

Check Version:

wmic product where name="Zoom" get version

Verify Fix Applied:

Confirm Zoom version is 5.14.0 or higher in Settings → About.
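
The version check above, as an added PowerShell example (not part of the original page and not Zoom's own tooling): it reads Zoom entries from the standard Windows uninstall registry keys and compares each version numerically against 5.14.0, since a plain string comparison would rank 5.9.x above 5.14.0. The `Zoom*` display-name filter and the sample version strings are assumptions, and the HKCU key only covers the user running the script.

```powershell
# Added example. The fixed version 5.14.0 is taken from the advisory above.
$FixedVersion = [version]'5.14.0'

function ConvertTo-ZoomVersion {
    param([string]$Raw)
    # Keep the leading dotted-numeric part: "5.13.11 (13434)" -> 5.13.11
    if ($Raw -match '^\s*(\d+(\.\d+){1,3})') {
        return [version]($Matches[1])
    }
    return $null
}

function Test-ZoomVulnerable {
    param([string]$Raw)
    $v = ConvertTo-ZoomVersion $Raw
    if ($null -eq $v) { return $null }   # unparseable: report as unknown
    # [version] compares numerically, so 5.9.3 sorts below 5.14.0
    return ($v -lt $FixedVersion)
}

# Standard Windows uninstall keys: 64-bit, 32-bit, and current-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ZoomInstallStatus {
    # Assumption: the installed client's DisplayName starts with "Zoom".
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Zoom*' } |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                Vulnerable = Test-ZoomVulnerable $_.DisplayVersion
            }
        }
}

# Constructed sample strings showing how the comparison behaves.
'5.13.11 (13434)', '5.9.3', '5.14.0', '5.14.2.17213', 'unknown' | ForEach-Object {
    '{0,-18} vulnerable={1}' -f $_, (Test-ZoomVulnerable $_)
}

Get-ZoomInstallStatus | Format-Table -AutoSize
```

An empty `Vulnerable` value means the version string could not be parsed and the host needs a manual check.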

📡 Detection & Monitoring

Log Indicators:

  • Zoom process crashes, memory access violations in Windows Event Logs

Network Indicators:

  • Unusual outbound connections from Zoom process

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="Zoom.exe"
