{"id":10334,"date":"2025-11-12T19:37:20","date_gmt":"2025-11-12T12:37:20","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10334"},"modified":"2026-02-03T19:39:27","modified_gmt":"2026-02-03T12:39:27","slug":"canh-bao-lo-hong-zoom-vdi-cho-phep-leo-thang-dac-quyen","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/11\/12\/canh-bao-lo-hong-zoom-vdi-cho-phep-leo-thang-dac-quyen\/","title":{"rendered":"Alert: Zoom VDI vulnerability allows privilege escalation"},"content":{"rendered":"<p data-start=\"111\" data-end=\"513\">A serious security vulnerability has just been discovered in Zoom Workplace VDI Client for Windows that allows a low-privileged user to escalate privileges and take control of the entire system. The vulnerability, tracked as CVE-2025-64740, was disclosed by Zoom in security bulletin ZSB-25042 with a CVSS score of 7.5, indicating a high level of risk, especially for enterprise environments that use VDI infrastructure.<\/p>\n<p data-start=\"111\" data-end=\"513\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone  wp-image-10335\" src=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/zoom-300x167.png\" alt=\"\" width=\"649\" height=\"361\" srcset=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/zoom-300x167.png 300w, https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/zoom.png 700w\" sizes=\"(max-width: 649px) 100vw, 649px\" \/><\/p>\n<p data-start=\"515\" data-end=\"1115\">According to the analysis, CVE-2025-64740 stems from a flaw in the integrity check and digital-signature verification of the Zoom VDI Client installation components.
The flaw allows an attacker to insert and execute untrusted components during software installation or update on the local machine. Although exploitation requires the attacker to have local access and needs user interaction, once the exploit chain succeeds the attacker can obtain system-level (SYSTEM) privileges, execute code at the highest privilege level, and take full control of the targeted virtual machine or VDI server.<\/p>\n<p data-start=\"1117\" data-end=\"1597\">The vulnerability affects multiple versions of Zoom Workplace VDI Client for Windows, including versions 6.3.0 through 6.3.13, 6.4.0 through 6.4.11, and 6.5.0 through 6.5.9.
Administrators are therefore advised to check the Zoom version deployed on each endpoint through the Help menu in the application, identify the systems that fall within the affected range, and draw up an appropriate patching plan, prioritizing machines that hold sensitive data or belong to user groups with high-level access.<\/p>\n<p data-start=\"1599\" data-end=\"2067\">CVE-2025-64740 is especially dangerous in VDI environments because users and data are concentrated there. A single compromised user account can become a springboard for an attacker to move laterally within the system, escalate privileges on multiple virtual machines, access internal data stores, or disrupt services. For organizations with a large number of VDI endpoints and loosely enforced permission policies, the consequences can spread widely, bringing financial, legal and reputational risk.<\/p>\n<p data-start=\"2069\" data-end=\"2525\">Zoom recommends that users and administrators update immediately to the latest version from the official download source.
Beyond patching, organizations need to strengthen endpoint security by applying the principle of least privilege, restricting software installation rights, controlling which applications are allowed to run, and closely monitoring installation and update processes on VDI systems. These measures help reduce the risk of exploitation and limit the impact if an incident occurs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A serious security vulnerability has just been discovered in Zoom Workplace VDI Client for Windows that allows a low-privileged user to escalate privileges and take control of the entire system.
The vulnerability, tracked as CVE-2025-64740, was disclosed by Zoom in security bulletin [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10334","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10334"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10334\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}