2 min read

Zoom patches Windows flaw rated 9.8 for account takeover

Zoom fixed a critical Windows bug, CVE-2026-53412, that could let attackers remotely take over accounts, plus three high-severity privilege-escalation flaws.

Image: TechRepublic

Zoom has patched a critical Windows vulnerability that could let an unauthenticated attacker remotely take over an account, along with three high-severity flaws that could help local users escalate privileges on affected systems.

The most serious issue, CVE-2026-53412, carries a CVSS score of 9.8 out of 10. According to the report, it is an improper input validation flaw in Zoom’s Windows software that could allow an attacker with network access to perform an account takeover without valid credentials. Zoom said it has no evidence of active exploitation.

The latest security release also fixes three Windows privilege-escalation bugs:

Recommended reading

Carders Want 'Clean' Residential Proxies Now

  • CVE-2026-53410: a time-of-check-to-time-of-use (TOCTOU) race condition during installation or uninstallation that could let an authenticated local user gain elevated privileges.
  • CVE-2026-53409: an improper privilege management flaw affecting Zoom Rooms for Windows.
  • CVE-2026-53411: another improper input validation issue in the Zoom Workplace VDI Plugin for Windows.

Romanus Prabhu Raymond, director of Technology at ManageEngine, told eSecurityPlanet:

“Vulnerability notices create a race between an organization’s endpoint strategy and hackers for control of these attractive high-value targets.”

Romanus Prabhu Raymond, Director of Technology at ManageEngine

What admins should update

The report says organizations should not limit patching to employee laptops. Security teams should also verify updates across Zoom Workplace, VDI Client, Meeting SDK, Zoom Rooms, and other managed Zoom components, while removing legacy or unmanaged installations.

It also recommends folding collaboration tools, VDI environments, and third-party SDKs into regular vulnerability management programs, enforcing multifactor authentication, applying least privilege, and monitoring for unusual Zoom-related endpoint and authentication activity.

The immediate priority is clear: install Zoom’s fixed releases and confirm every affected Windows component has actually been updated.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TechRepublic

// Keep reading