Zoom has disclosed a critical-severity vulnerability in its Windows desktop client and Windows SDK, warning that an unauthenticated remote attacker can exploit it to fully hijack victim accounts — no