Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Close-up of a person using a laptop — endpoint security and EDR for Sydney businesses

Zoom’s Critical Windows Flaw: Why Your Patching Probably Missed It

Zoom has warned of a critical flaw in its Windows desktop client. CVE-2026-53412 is rated 9.8 out of 10. It’s an improper input validation bug that lets an unauthenticated attacker take over an account over the network — no credentials, no local access, no click from the victim. Zoom found it internally and says there’s no sign of exploitation yet. That’s the good news, and it won’t last forever.

Affected: Zoom Workplace for Windows before 7.0.0, and the Windows VDI Client before 7.0.10, 6.6.15 and 6.5.18. Zoom’s own bulletin ZSB-26014 has the detail.

The Bit That Should Worry You More Than the Score

A 9.8 gets attention. What gets missed is that Zoom usually isn’t in the patching baseline at all. In the Australian client environments we audit, Zoom is almost never deployed by IT — someone installed it during a hybrid-work scramble in 2020 and it stuck. The default installer drops it into each user’s AppData folder rather than machine-wide, so patch policies looking at the standard installed-programs list often don’t see it. The report comes back green. Zoom is still on 6.x.

Zoom is the app everyone uses daily and nobody owns. We see this constantly across Northern Beaches hybrid teams, where half the staff set up their own laptops and the office server got the attention instead.

What to Do Today

  • Check the version, don’t assume. In Zoom: profile picture → Help → About. Anything below 7.0.0 needs updating.
  • Don’t rely on auto-update. It’s frequently disabled or blocked by policy on managed devices, and it only runs when the app is restarted — which for a lot of people is never.
  • Check VDI clients separately. They have their own version numbers and are easy to overlook.
  • For managed fleets, deploy the machine-wide MSI so Zoom actually shows up in your patch reporting from now on.

Nothing is being exploited today. But a 9.8 unauthenticated account takeover in software installed on millions of Windows machines is not a race you want to be at the back of.

Not Sure What’s Actually Installed on Your Fleet?

All IT Services patches the apps your staff installed themselves, not just the ones IT deployed. If your patch reports look suspiciously green, that’s usually why.


Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →