Cloud Design Solutions


Zoom recently addressed a critical security vulnerability in its Windows client, which scored 9.6 on the CVSS severity scale. The flaw stemmed from how Zoom’s application loaded dynamic-link libraries (DLLs): it relied on Windows’ default search order rather than specifying explicit file paths. This allowed attackers to place malicious DLLs in directories where Zoom would execute them, potentially granting full system control. Exploiting this vulnerability could lead to privilege escalation, data exfiltration—including access to recordings, contact lists, and credentials—and network compromise, with attackers potentially reaching domain controllers. The exploit was notably low in complexity, posing a significant risk even from relatively unsophisticated actors. Learn more at UC Today.
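The search-order weakness described above can be checked from the defender's side by resolving each bare DLL name the way an ordered search would and flagging any winner that sits outside a trusted directory. This is an added example, not code from Zoom or the original article; the function names, DLL names and directory layout are constructed, and the search order is whatever ordered list the caller passes in, a simplification of the Windows loader.

```python
import os
import tempfile

def resolve(dll_name, search_dirs):
    """Return the first path in search_dirs holding dll_name (case-insensitive), else None."""
    for d in search_dirs:
        try:
            entries = os.listdir(d)
        except OSError:
            continue  # a missing or unreadable directory is skipped
        for entry in entries:
            if entry.lower() == dll_name.lower():
                return os.path.join(d, entry)
    return None

def audit(imports, search_dirs, trusted_dirs):
    """Flag bare-name imports that resolve outside trusted_dirs or resolve nowhere."""
    trusted = {os.path.normcase(os.path.abspath(t)) for t in trusted_dirs}
    findings = []
    for name in imports:
        hit = resolve(name, search_dirs)
        if hit is None:
            findings.append((name, None, "unresolved"))  # not found anywhere in the order
            continue
        parent = os.path.normcase(os.path.abspath(os.path.dirname(hit)))
        if parent not in trusted:
            shadows = resolve(name, trusted_dirs) is not None
            findings.append((name, hit, "shadows-trusted-copy" if shadows else "untrusted-location"))
    return findings

def demo():
    """Constructed layout: an app directory searched before a stand-in system directory."""
    root = tempfile.mkdtemp()
    app = os.path.join(root, "app")
    system = os.path.join(root, "system32")
    os.makedirs(app)
    os.makedirs(system)
    for path in (os.path.join(system, "version.dll"), os.path.join(system, "crypt32.dll"),
                 os.path.join(app, "VERSION.dll")):  # same name, earlier in the order
        with open(path, "wb"):
            pass
    return audit(["version.dll", "crypt32.dll", "missing.dll"], [app, system], [system]), app

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

A finding of `shadows-trusted-copy` is the case an explicit full path would have prevented: the name resolves to a copy earlier in the order even though a trusted copy exists.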