CVE-2023-5678, CVE-2023-6237, CVE-2024-0727 - Is Zoom going to just pretend these don't exist forever?

Zoom Meetings on Windows is vulnerable to the 3 CVEs listed (CVE-2023-5678, CVE-2023-6237, CVE-2024-0727) due to not upgrading to OpenSSL 3.1.5. It's been at least 4 months since some of them were disclosed, if not longer.

Should we be planning to treat the desktop client as abandonware? Are we simply paying $20+ a user a month for no reason? Was there an announcement that I missed that this was EOL software? I could understand if this was a free product, but the lack of any action on this is highly concerning.

What could be more important than the security of your own platform and the data and trust of your paying customers? What could be taking a higher priority? Has the man or woman who will finally resolve this issue not been hired by Zoom yet, and are they in a hiring freeze we're not aware of? Are the hundreds of millions in revenue not enough to staff appropriately and have development resources allocated to security vulnerabilities? Will they be writing us a check for the damages if their software leads to a breach or data disclosure due to its vulnerabilities? Will they offer us the option to terminate our contract with no penalty? Why must we keep paying if they're not interested in maintaining their platform? Why is it easier to get better service at your local fast-food drive-through than from the vendor you're paying tens if not hundreds of thousands of dollars each year in licensing fees?
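The post's claim rests on which OpenSSL build ships inside the client, so the check worth running on your own endpoints is to read the version string out of the bundled libraries and compare it to the release the post names. The script below is an added example, not code from the original post or from Zoom. It assumes a per-user Zoom install under `%APPDATA%\Zoom\bin` (pass `-ZoomBin` for another layout), that OpenSSL-derived DLLs are named `libcrypto*`/`libssl*` or carry "OpenSSL" in their version resource, and that the binary embeds the standard `OPENSSL_VERSION_TEXT` string ("OpenSSL 3.1.4 24 Oct 2023" style). The `3.1.5` threshold is the one from the post and is a parameter, since the fixed release differs per OpenSSL branch.

```powershell
<#
Added example (not from the original post or from Zoom): list the OpenSSL
libraries bundled with the Zoom Windows client and flag any whose embedded
version string is older than a given fixed release.
Assumptions: per-user installs live under $env:APPDATA\Zoom\bin, and the
DLLs embed OPENSSL_VERSION_TEXT, e.g. "OpenSSL 3.1.4 24 Oct 2023".
#>
function Get-BundledOpenSslVersion {
    [CmdletBinding()]
    param(
        [string]  $ZoomBin      = (Join-Path $env:APPDATA 'Zoom\bin'),
        # Threshold named in the post; adjust per OpenSSL branch.
        [version] $FixedVersion = [version]'3.1.5'
    )

    if (-not (Test-Path -LiteralPath $ZoomBin)) {
        throw "Zoom bin directory not found: $ZoomBin"
    }

    # Matches the OpenSSL version banner compiled into libcrypto/libssl.
    $pattern = [regex]'OpenSSL (\d+\.\d+\.\d+)[a-z]? \d{1,2} \w{3} \d{4}'

    foreach ($dll in Get-ChildItem -LiteralPath $ZoomBin -Filter '*.dll' -Recurse) {
        $vi = $dll.VersionInfo
        # Only inspect DLLs that look like OpenSSL by name or version resource.
        $looksLikeOpenSsl = ($dll.Name -match '^lib(crypto|ssl)') -or
                            ("$($vi.ProductName)" -match 'OpenSSL')
        if (-not $looksLikeOpenSsl) { continue }

        # Pull the ASCII version banner straight out of the file bytes.
        $bytes = [System.IO.File]::ReadAllBytes($dll.FullName)
        $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
        $m     = $pattern.Match($text)
        if (-not $m.Success) { continue }

        $found  = [version]$m.Groups[1].Value
        $status = if ($found -lt $FixedVersion) {
            "OLDER than $FixedVersion"
        } else {
            "at or above $FixedVersion"
        }

        [pscustomobject]@{
            File    = $dll.FullName
            Banner  = $m.Value
            Version = $found
            Status  = $status
        }
    }
}

# Usage: print the report and return a non-zero exit code if any bundled
# library is below the threshold, so the script can feed a compliance job.
$report = @(Get-BundledOpenSslVersion)
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Status -like 'OLDER*' }) { exit 1 }
```

A banner below the threshold shows that an older OpenSSL build is bundled, which is what the post is complaining about; whether the client actually exercises the code paths the individual CVEs affect is a separate question, and a vendor that backports fixes without bumping the version string would also show up as "OLDER" here. Run it after each client update to see whether the bundled version has moved.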