CVE-2020-11443 : Security Advisory and Response

Zoom IT installer for Windows prior to version 4.6.10 has a vulnerability that allows standard users to delete files in %APPDATA%\Zoom, potentially leading to unauthorized file deletions.

Understanding CVE-2020-11443

This CVE describes a privilege escalation vulnerability in the Zoom IT installer for Windows.

What is CVE-2020-11443?

The Zoom IT installer for Windows (ZoomInstallerFull.msi) before version 4.6.10 allows standard users to delete files in %APPDATA%\Zoom, potentially leading to unauthorized file deletions.

The Impact of CVE-2020-11443

The vulnerability allows users to manipulate the installer to delete files that they would not typically have permission to delete, potentially causing data loss or system instability.

Technical Details of CVE-2020-11443

This section provides detailed technical information about the CVE.

Vulnerability Description

The Zoom IT installer for Windows prior to version 4.6.10 allows standard users to delete files in %APPDATA%\Zoom, exploiting SYSTEM privileges.

Affected Systems and Versions

Affected System: Windows
Affected Version: Zoom IT installer prior to 4.6.10

Exploitation Mechanism

Standard users can write to %APPDATA%\Zoom directory
Users can create links to other directories on the machine
The installer runs with SYSTEM privileges and follows these links, allowing users to delete files they normally couldn't

Mitigation and Prevention

Protect your system from CVE-2020-11443 with these mitigation strategies.

Immediate Steps to Take

Update Zoom IT installer to version 4.6.10 or later
Restrict standard user permissions on %APPDATA%\Zoom directory

Long-Term Security Practices

Regularly update software to the latest versions
Implement least privilege access controls to limit user permissions

Patching and Updates

Apply patches and updates provided by Zoom to address the vulnerability