轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202603-00000009

[內容說明]
近日Zoom針對Zoom Workplace Windows版本發布重大資安公告(CVE-2026-30903，CVSS：9.6)，該漏洞存在於郵件功能中，因檔案名稱或路徑可被外部控制，可能允許未經身分驗證的攻擊者透過網路存取系統並提升權限。

[影響平台]
Zoom Workplace for Windows 6.6.0 之前的版本
Zoom Workplace VDI Client for Windows 版本 6.4.17、6.515 和 6.6.10之前的版本

[建議措施]
根據官方網站釋出的解決方式進行修補：https://www.zoom.com/en/trust/security-bulletin/zsb-26005/

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10758-31469-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000009

[Content Description]
Zoom recently released a major cybersecurity advisory (CVE-2026-30903, CVSS: 9.6) for the Windows version of Zoom Workplace. This vulnerability exists in the email function, and because file names or paths can be controlled externally, it could allow unauthenticated attackers to access the system and escalate privileges over the network.

[Affected Platforms]
Zoom Workplace for Windows versions prior to 6.6.0
Zoom Workplace VDI Client for Windows versions prior to 6.4.17, 6.515, and 6.6.10

[Recommended Actions]
Patch according to the solutions released on the official website: https://www.zoom.com/en/trust/security-bulletin/zsb-26005/

[References]
1. https://www.twcert.org.tw/tw/cp-169-10758-31469-1.html