CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2017-11786 | Skype for Business Elevation of Privilege Vulnerability | Microsoft Lync | Critical | 11-10-2017 |
Technical Information
Brief overview of the risk:
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests.
Detailed Information on the risk:
An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take any action that the user had permissions for, causing possible outcomes that could vary between users.
Further information on this exploit is available at : CVE-2017-11786
Affected Software
Microsoft Lync 2013 (32-bit) SP1
Microsoft Lync 2013 (64-bit) SP1
Microsoft Skype for Business 2016 (32-bit)
Microsoft Skype for Business 2016 (64-bit)