Microsoft Defender 365 Vulnerability scans are showing every machine with 5.16.10 as vulnerable due to OpenSSL 3.1.1.1 use…

Need to be updated to 3.1.5 or newer ASAP

Thank you so much for pointing this out.  I am seeing this same issue.

Disappointingly, Nessus vulnerability scanners are not picking up on this vulnerability 😞

We have this vulnerability on almost every machine in our environment because Zoom seemingly doesn't care that their platform is vulnerable. I'm pretty disgusted, to say the least. I'll be using this example, and many others, to convince our CEO to let me migrate to Microsoft Teams instead.

Fact Check True ✅
They need to have this updated ASAP

This is not just Zoom.

The Microsoft PowerBI Desktop client also has an out of date OpenSSL version as well as several other vendors.
I tried to replace the out of date libssl-3-x64.dll and libcrypto-3-x64.dll across the machines in our domain, but Zoom signed their version of the dll files, and refuses to start with the updated dll files. Good for them for signing them, not something many other vendors do. On the flip side, they should have this patched and up to date already. 
Microsoft's Cloud Defender agent for Linux (mdatp) is running a curl version that is showing as critical. Microsoft chooses to hide this on their vulnerability scans, Tenable found it.
This is not just a Zoom problem, but an industry problem with these critical open source dependencies. 
 

Zoom 5.17 just released, but still has the 3.1.1 OpenSSL. I think we're just going to have to discontinue Zoom use and uninstall the app agency wide until it's resolved. 

I really wish we could just drop Zoom, but my boss hates Teams so we are pretty much stuck with a vulnerability on every one of our workstations. At least it isn't on any of our servers, but the workstations connect to our servers... This bad.

Tried the latest version and Using Zoom Meetings Client 5.17.0 (28375)
DisplayVersion 5.17.28375
Install source: https://zoom.us/client/5.17.0.28375/ZoomInstallerFull.msi?archType=x64

I can confirm that this version still utilises OpenSSL Version 3.1.1.0
C:\Program Files\Zoom\bin\libcrypto-3-zm.dll
C:\Program Files\Zoom\bin\libssl-3-zm.dll

Tried the latest version and Using Zoom Meetings Client 5.17.1 (28914) (64-bit)
DisplayVersion 5.17.28914
Install source: https://cdn.zoom.us/prod/5.17.1.28914/x64/ZoomInstallerFull.msi

I can confirm that this version still utilises OpenSSL Version 3.1.1.0
C:\Program Files\Zoom\bin\libcrypto-3-zm.dll
C:\Program Files\Zoom\bin\libssl-3-zm.dll

Still an issue. Zoom, please get this updated with a current version of OpenSSL. If you are doing a custom patch to the version you are running and consider this OK, please don't. We have no way of verifying compliance and this throws off our necessary reporting and patch management.