
CVE-2024-24697: CWE-426 Untrusted Search Path in Zoom Video Communications, Inc. Zoom Clients

Severity: High
Tags: Vulnerability, CVE-2024-24697, CWE-426
Published: Tue Feb 13 2024 (02/13/2024, 23:53:43 UTC)
Source: CVE
Vendor/Project: Zoom Video Communications, Inc.
Product: Zoom Clients

Description

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

AI-Powered Analysis

Last updated: 07/05/2025, 06:25:03 UTC

Technical Analysis

CVE-2024-24697 is a high-severity vulnerability in certain 32-bit Windows builds of the Zoom desktop client from Zoom Video Communications, Inc. It is classified as CWE-426 (Untrusted Search Path): the affected client resolves an executable or DLL by bare name instead of by a fully qualified, trusted path, so Windows walks its default search order (the application directory, the system directories, the working directory, then each PATH entry) to find it. If any directory consulted before the legitimate location is writable by an ordinary user, that user can plant a file with the expected name and have it loaded in place of the real one. What makes this an escalation rather than self-infection is that the component doing the loading runs with higher privileges than the user who planted the file; in this bug class that is typically an elevated installer, updater or service component, and the advisory does not name the component involved here. The vendor-assigned CVSS 3.1 base score is 7.2 (High): confidentiality, integrity and availability impact are all rated high, and the score stays below critical only because the attacker needs local access with an already-authenticated account on the machine. A successful exploit yields code execution at the elevated privilege level, which on a workstation means full control of the host, access to stored credentials and data, and a foothold for lateral movement. No exploitation in the wild has been reported. This page links no patch reference; Zoom's security bulletin for the CVE names the fixed client versions and should be consulted directly. The issue has been public since February 2024.
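The hijack described above is visible in image-load telemetry: the Zoom process loads a DLL that does not sit where the vendor's binaries live, or that carries no valid vendor signature. The following script is an added example, not Zoom's or this page's own code; it scans Sysmon Event ID 7 (Image loaded) records for exactly that pattern. The three events it runs over are constructed samples, and every DLL name and user path in them (example.dll, the alice profile, the Roaming\Zoom\bin per-user install directory) is an assumption made for the example, not a real Zoom artefact.

```powershell
# Added example, not Zoom's or this page's own code: flag Sysmon Event ID 7
# (Image loaded) records in which a Zoom client process loads a DLL from a
# location, or with a signature state, that the vendor's own binaries would
# not produce. Sample events below are constructed; file names and paths in
# them are assumptions.

$TrustedSigners = @('Zoom Video Communications, Inc.', 'Microsoft Windows', 'Microsoft Corporation')

# Roots under which an ordinary authenticated user can create files on a default Windows install.
$UserWritableRoots = @('C:\Users\', 'C:\ProgramData\', 'C:\Windows\Temp\', 'C:\Temp\')

function ConvertFrom-SysmonEvent {
    # Flatten one event's <EventData><Data Name="..."> pairs into a hashtable.
    param([string]$Xml)
    $doc = [xml]$Xml
    $ev = @{ EventID = [int]$doc.Event.System.EventID }
    foreach ($d in $doc.Event.EventData.Data) { $ev[$d.GetAttribute('Name')] = $d.InnerText }
    return $ev
}

function Test-SuspiciousZoomImageLoad {
    param([hashtable]$Ev)
    # Coarse scope filter (assumption): any loading process whose path contains a \Zoom\ component.
    if ($Ev.EventID -ne 7 -or $Ev.Image -notmatch '\\Zoom\\') { return $null }
    $dll = $Ev.ImageLoaded
    $reasons = @()
    # Rule 1: DLL resolved from a user-writable root. Loads from the process's own directory
    # are exempt so a per-user install (which lives under C:\Users by design) does not fire on
    # every legitimate load; the signature rules below still cover that directory.
    $sameDir = (Split-Path -Parent $dll) -eq (Split-Path -Parent $Ev.Image)
    if (-not $sameDir) {
        foreach ($root in $UserWritableRoots) {
            if ($dll.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $reasons += "loaded from user-writable root $root"; break
            }
        }
    }
    # Rule 2: unsigned or invalid signature. Rule 3: valid but not Zoom or Microsoft.
    if ($Ev.SignatureStatus -ne 'Valid') { $reasons += "signature status '$($Ev.SignatureStatus)'" }
    elseif ($TrustedSigners -notcontains $Ev.Signature) { $reasons += "unexpected signer '$($Ev.Signature)'" }
    if ($reasons.Count -eq 0) { return $null }
    [pscustomobject]@{ Process = $Ev.Image; ImageLoaded = $dll; Reasons = ($reasons -join '; ') }
}

# Constructed sample events: system DLL (benign), per-user install loading its own signed
# DLL (benign), and an unsigned DLL pulled from the user's Temp directory (the hijack).
$SampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>7</EventID></System>
  <EventData>
    <Data Name="Image">C:\Program Files (x86)\Zoom\bin\Zoom.exe</Data>
    <Data Name="ImageLoaded">C:\Windows\SysWOW64\ntdll.dll</Data>
    <Data Name="Signed">true</Data>
    <Data Name="Signature">Microsoft Windows</Data>
    <Data Name="SignatureStatus">Valid</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>7</EventID></System>
  <EventData>
    <Data Name="Image">C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe</Data>
    <Data Name="ImageLoaded">C:\Users\alice\AppData\Roaming\Zoom\bin\example.dll</Data>
    <Data Name="Signed">true</Data>
    <Data Name="Signature">Zoom Video Communications, Inc.</Data>
    <Data Name="SignatureStatus">Valid</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>7</EventID></System>
  <EventData>
    <Data Name="Image">C:\Program Files (x86)\Zoom\bin\Zoom.exe</Data>
    <Data Name="ImageLoaded">C:\Users\alice\AppData\Local\Temp\example.dll</Data>
    <Data Name="Signed">false</Data>
    <Data Name="Signature">-</Data>
    <Data Name="SignatureStatus">Unavailable</Data>
  </EventData>
</Event>
'@
)

$findings = foreach ($x in $SampleEvents) { Test-SuspiciousZoomImageLoad (ConvertFrom-SysmonEvent $x) }
$findings | Format-List
```

Only the third sample is reported, with both the user-writable-root and the signature reason. To run the same logic against a live host, replace `$SampleEvents` with the `ToXml()` output of `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=7}`; the per-directory exemption in rule 1 is a deliberate trade-off that keeps per-user installs quiet at the cost of relying on the signature checks for that directory.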

Potential Impact

For European organizations the exposure is the installed base of 32-bit Zoom clients, which run not only on the now-rare 32-bit Windows installations but also on 64-bit Windows wherever the 32-bit client was chosen or deployed by default, so fleet inventory rather than OS architecture determines how many endpoints are affected. The attacker is an ordinary authenticated user with local access to the machine: a malicious or coerced employee, a contractor with a login, or an intruder who has already obtained a low-privileged session through phishing or a stolen credential. Escalating from that position to elevated privileges on the endpoint exposes stored credentials, meeting content and any data the machine can reach, which for personal data brings GDPR breach-notification and liability obligations, and turns the workstation into a foothold for lateral movement into the corporate network. The consequence is most severe in sectors that run Zoom on managed endpoints holding sensitive material, such as finance, healthcare, government and critical infrastructure, where the confidentiality and integrity of communications are paramount.

Mitigation Recommendations

Organizations should upgrade affected clients to the fixed versions named in Zoom's security bulletin for this CVE. Where a fleet cannot be updated immediately, practical mitigations include:
1) Restricting local and interactive access to machines running the vulnerable client to trusted personnel, and keeping day-to-day accounts as standard users so that an attacker who lands on the machine starts without administrative rights.
2) Using application control (Windows Defender Application Control or AppLocker, including DLL rules) to block the loading of unsigned or unexpected binaries and DLLs from user-writable directories; a planted file in a search-path directory is exactly what such rules stop.
3) Having EDR or Sysmon telemetry alert on Zoom processes that load images from user-writable locations or images with a missing or invalid signature, which is how a search-path hijack presents on the endpoint.
4) Preferring the 64-bit Zoom client on 64-bit Windows, since the advisory scopes the flaw to 32-bit builds.
5) Auditing every directory in the DLL and executable search path (the installation directory, the Windows directories and each PATH entry, including entries that point at directories which do not exist and could be created) for write access by standard users, then fixing the ACLs or removing the entries.
6) Tracking the vendor advisory for changes and deploying the fixed version as soon as change control permits.
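The audit in the mitigations above, and the search-order walk the technical analysis describes, can be done with one script. What follows is an added example, not Zoom's or this page's own code: it lists the directories a 32-bit process started from `$AppDir` would consult, in order, for a DLL named without a path (SafeDllSearchMode on, the Windows default), and reports any of them that a standard user could write to, or could create because the entry does not exist and its parent is writable. The default `$AppDir` under Program Files (x86)\Zoom\bin is an assumption about the 32-bit all-users install location, and the working-directory slot is filled with this shell's working directory as a stand-in for the target process's.

```powershell
# Added example, not Zoom's or this page's own code: enumerate the default
# Windows DLL search order for a 32-bit process started from $AppDir and report
# the directories a standard user could plant a file in. $AppDir default is an
# assumed install path; pass -AppDir for a per-user or relocated install.
param(
    [string]$AppDir = (Join-Path $(if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }) 'Zoom\bin'),
    [bool]$Is32BitProcess = $true   # WOW64 redirects System32 to SysWOW64 for 32-bit code
)

# Identities every authenticated user holds, plus the account running this script
# (a per-user install is owned by that account, so its own ACEs count as low-privilege).
$LowPrivPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE',
                       [System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

# Specific rights that let a caller add, replace or re-permission a file in a directory.
$R = [System.Security.AccessControl.FileSystemRights]
$PlantMask = [int64]($R::CreateFiles -bor $R::AppendData -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership)
$GenericWriteMask = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, which Get-Acl leaves unmapped

function Get-DllSearchOrder {
    param([string]$AppDir, [bool]$Is32BitProcess)
    $sysDir = Join-Path $env:windir $(if ($Is32BitProcess) { 'SysWOW64' } else { 'System32' })
    # Order with SafeDllSearchMode=1: app dir, system dir, 16-bit system dir, Windows dir,
    # working directory (this shell's, as a stand-in), then each PATH entry.
    $ordered = @($AppDir, $sysDir, (Join-Path $env:windir 'System'), $env:windir, (Get-Location).Path) +
               @($env:Path -split ';' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ -ne '' })
    $seen = @{}
    foreach ($d in $ordered) {
        $k = $d.TrimEnd('\').ToLowerInvariant()
        if (-not $seen.ContainsKey($k)) { $seen[$k] = $true; $d }
    }
}

function Get-LowPrivWriters {
    # Low-privilege principals holding an effective Allow for plant-capable rights on $Dir.
    param([string]$Dir)
    try { $acl = Get-Acl -LiteralPath $Dir -ErrorAction Stop } catch { return @() }   # unreadable ACL: report nothing rather than guess
    $allowed = @(); $denied = @()
    foreach ($ace in $acl.Access) {
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $raw = [int64]$ace.FileSystemRights
        if ($raw -lt 0) { $raw += 4294967296 }   # undo sign extension of GENERIC_* bits
        if ((($raw -band $PlantMask) -eq 0) -and (($raw -band $GenericWriteMask) -eq 0)) { continue }
        if ($ace.AccessControlType -eq 'Deny') { $denied += $ace.IdentityReference.Value } else { $allowed += $ace.IdentityReference.Value }
    }
    # Approximation of ACE evaluation: a Deny for a principal overrides its own Allow.
    return @($allowed | Where-Object { $denied -notcontains $_ } | Select-Object -Unique)
}

$report = foreach ($dir in (Get-DllSearchOrder -AppDir $AppDir -Is32BitProcess $Is32BitProcess)) {
    $exists = Test-Path -LiteralPath $dir -PathType Container
    # A PATH entry that does not exist is still a search slot: whoever can create it fills it.
    $probe = if ($exists) { $dir } else { Split-Path -Parent $dir }
    $writers = if ($probe -and (Test-Path -LiteralPath $probe -PathType Container)) { @(Get-LowPrivWriters -Dir $probe) } else { @() }
    $risk = if ($writers.Count -eq 0) { '' } elseif ($exists) { 'PLANTABLE' } else { 'CREATABLE' }
    [pscustomobject]@{ Directory = $dir; Exists = $exists; WritableBy = ($writers -join ', '); Risk = $risk }
}
$report | Format-Table -AutoSize
```

Run it from a standard (non-elevated) account so the current identity reflects the attacker's position, and pass `-AppDir "$env:APPDATA\Zoom\bin"` to check a per-user install (that path is an assumption). Any row marked PLANTABLE or CREATABLE that appears above the directory holding the legitimate file is a slot where a planted DLL wins the search; if a component with higher privileges loads from there by bare name, that is the CWE-426 condition the advisory describes, and the fix is to tighten the ACL or remove the entry.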


Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2024-01-26T22:56:14.681Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd8492

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 6:25:03 AM

Last updated: 8/12/2025, 11:53:29 AM
