CVE-2024-27246
📋 TL;DR
A use-after-free in Zoom Workplace Apps and SDKs allows an authenticated user with network access to the affected application to cause a denial of service. The attack needs a valid authenticated session but no local access, and the stated impact is limited to availability: users running a vulnerable Zoom application that is reachable over the network can have their sessions crashed or disrupted.
💻 Affected Systems
- Zoom Workplace Apps
- Zoom SDKs
📦 What is this software?
- Rooms by Zoom
- Workplace Virtual Desktop Infrastructure by Zoom
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of Zoom applications, requiring restart or system reboot to restore functionality.
Likely Case
Temporary application crashes or instability affecting individual user sessions.
If Mitigated
Minimal impact with proper network segmentation and authentication controls limiting attack surface.
🎯 Exploit Status
Requires an authenticated user and network access to the target. The underlying bug is a use-after-free (memory corruption); the impact described by the vendor is denial of service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Zoom security bulletin ZSB-24017 for specific patched versions
Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24017/
Restart Required: Yes
Instructions:
1. Visit Zoom's security bulletin ZSB-24017
2. Identify affected products and versions
3. Update to the latest patched version
4. Restart affected applications/services
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Zoom applications to trusted users only
Authentication Hardening
Implement strong authentication controls and monitor for suspicious authenticated sessions
🧯 If You Can't Patch
- Implement strict network access controls to limit which users can reach Zoom applications
- Monitor for application crashes or instability and have restart procedures ready
🔍 How to Verify
Check if Vulnerable:
Check installed Zoom application versions against affected versions listed in ZSB-24017
Check Version:
Zoom desktop client: Help > About (the version is shown as major.minor.patch followed by a build number in parentheses, e.g. "5.17.10 (34827)"). There is no single cross-platform command; on managed fleets, take the version from your endpoint inventory.
Verify Fix Applied:
Verify Zoom applications are updated to versions not listed as vulnerable in ZSB-24017
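The check above is easy to get wrong at scale because Zoom reports versions in more than one shape ("5.17.10 (34827)" in Help > About, "5.17.10.34827" or a bare "6.0.0" in inventory exports) and a naive string comparison will misorder them. The following script is an added example, not part of this page or of Zoom's tooling: it parses the three formats into a comparable tuple and flags inventory rows below a per-product fixed version. The `FIXED_IN` values are placeholders and must be replaced with the fixed versions listed in ZSB-24017; the inventory is a constructed sample.

```python
import csv
import io
import re

# Zoom shows its version as "5.17.10 (34827)" in Help > About; endpoint
# inventories often flatten that to "5.17.10.34827" or just "5.17.10".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*\((\d+)\)|\.(\d+))?\s*$")


def parse_zoom_version(text: str) -> tuple[int, int, int, int]:
    """Return (major, minor, patch, build); a missing build counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized Zoom version string: {text!r}")
    major, minor, patch, build_paren, build_dot = m.groups()
    return (int(major), int(minor), int(patch), int(build_paren or build_dot or 0))


# PLACEHOLDER thresholds (assumptions for this example, NOT taken from the
# bulletin): copy the "fixed in" version for each product from ZSB-24017.
# An entry without a build number treats every build of that version as fixed.
FIXED_IN = {
    "Zoom Workplace Desktop App": "6.0.0",
    "Zoom Rooms": "6.0.0",
    "Zoom Workplace VDI": "5.17.13",
    "Zoom Meeting SDK": "6.0.0",
}


def is_vulnerable(product: str, version_text: str) -> bool:
    """True when the installed version is older than the fixed version.
    Unknown products raise so they are never silently treated as safe."""
    if product not in FIXED_IN:
        raise KeyError(f"no fixed-version entry for {product!r}; add it from ZSB-24017")
    return parse_zoom_version(version_text) < parse_zoom_version(FIXED_IN[product])


def audit_inventory(csv_text: str) -> list[dict]:
    """Flag rows of a 'host,product,version' inventory that still need patching.
    Unparseable versions or unknown products are flagged for review, not skipped."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            vulnerable = is_vulnerable(row["product"], row["version"])
            reason = "below fixed version" if vulnerable else None
        except (ValueError, KeyError) as exc:
            vulnerable, reason = True, f"needs review: {exc}"
        if vulnerable:
            findings.append({**row, "reason": reason})
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
laptop-01,Zoom Workplace Desktop App,5.17.10 (34827)
laptop-02,Zoom Workplace Desktop App,6.0.0 (35500)
room-a,Zoom Rooms,5.17.11.1234
vdi-07,Zoom Workplace VDI,5.17.13 (1100)
kiosk-3,Zoom Rooms,unknown
"""

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"{f['host']}: {f['product']} {f['version']} -> {f['reason']}")
```

Rows that cannot be parsed are reported rather than dropped; on a real fleet those are usually the stale or sideloaded installs that matter most.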
📡 Detection & Monitoring
Log Indicators:
- Unexpected Zoom application crashes
- Memory access violation errors in application logs
- Multiple authentication attempts followed by crashes
Network Indicators:
- Unusual network patterns to Zoom applications from authenticated users
- Traffic spikes preceding application failures
SIEM Query (pseudo-syntax; adapt the source and field names to your log source):
source="zoom" AND (event_type="crash" OR error="memory" OR error="access_violation")
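The indicators above (crashes, access-violation errors, several failures in a short span) translate into a simple burst detector. The script below is an added example for this page, not Zoom or vendor tooling: it reads Windows Application-log "Application Error" events (Event ID 1000, whose message carries the faulting application and exception code) in a one-line-per-event export format that is assumed here, keeps only Zoom.exe crashes, and reports any host with three or more crashes inside a ten-minute window, counting how many were access violations (0xc0000005), the typical symptom of a use-after-free being hit. The log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed export format: one line per event, "<iso-ts> host=<name> EventID=<id> <message>".
# Event ID 1000 is the Windows Application Error event; its message names the
# faulting application, version and exception code.
_CRASH_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=1000 "
    r"Faulting application name: (?P<app>[^,]+), version: (?P<ver>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)"
)

ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION


def parse_crash(line: str):
    """Return a crash event dict for an Event ID 1000 line, else None."""
    m = _CRASH_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "host": m["host"],
        "app": m["app"],
        "version": m["ver"],
        "code": int(m["code"], 16),
    }


def find_crash_bursts(lines, app="Zoom.exe", threshold=3, window=timedelta(minutes=10)):
    """One finding per host where `threshold` or more crashes of `app` fall
    within any `window`. Access violations are counted separately because they
    match the memory-corruption nature of this CVE better than other exit codes."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_crash(line)
        if ev and ev["app"].lower() == app.lower():
            per_host[ev["host"]].append(ev)

    findings = []
    for host, events in per_host.items():
        events.sort(key=lambda e: e["ts"])
        for i in range(len(events)):
            j = i
            while j + 1 < len(events) and events[j + 1]["ts"] - events[i]["ts"] <= window:
                j += 1
            burst = events[i:j + 1]
            if len(burst) >= threshold:
                findings.append({
                    "host": host,
                    "first": burst[0]["ts"],
                    "last": burst[-1]["ts"],
                    "crashes": len(burst),
                    "access_violations": sum(e["code"] == ACCESS_VIOLATION for e in burst),
                    "version": burst[0]["version"],
                })
                break  # one finding per host is enough to open a triage ticket
    return findings


# Constructed sample log (hosts, versions and timestamps are made up).
SAMPLE_LOG = """\
2024-04-10T14:02:11Z host=laptop-01 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T14:03:40Z host=laptop-01 EventID=4624 An account was successfully logged on.
2024-04-10T14:05:02Z host=laptop-01 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T14:09:47Z host=laptop-01 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ucrtbase.dll, Exception code: 0xc0000409
2024-04-10T14:10:30Z host=laptop-02 EventID=1000 Faulting application name: Zoom.exe, version: 6.0.0.35500, time stamp: 0x66000000, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T09:00:00Z host=laptop-03 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T11:30:00Z host=laptop-03 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T16:45:00Z host=laptop-03 EventID=1000 Faulting application name: Zoom.exe, version: 5.17.10.34827, time stamp: 0x65e0a1b2, Faulting module name: ntdll.dll, Exception code: 0xc0000005
2024-04-10T14:01:00Z host=laptop-04 EventID=1000 Faulting application name: OUTLOOK.EXE, version: 16.0.17328.20068, time stamp: 0x65c3a2d1, Faulting module name: mso.dll, Exception code: 0xc0000005
"""

if __name__ == "__main__":
    for f in find_crash_bursts(SAMPLE_LOG.splitlines()):
        print(f"{f['host']}: {f['crashes']} Zoom.exe crashes ({f['access_violations']} access "
              f"violations) between {f['first']:%H:%M} and {f['last']:%H:%M}, version {f['version']}")
```

A single crash per host is normal background noise; the burst threshold is what separates a user hitting this bug repeatedly (or being targeted) from everyday instability. Pair the finding with the installed version so the same alert tells you whether the host is still on a version listed as affected in ZSB-24017.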