<< Back
CVE Number Vulnerability Product Severity Date
CVE-2017-11786 Skype for Business Elevation of Privilege Vulnerability Microsoft Lync Critical 11-10-2017

Technical Information

Brief overview of the risk:
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests.

Detailed Information on the risk:
An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take any action that the user had permissions for, causing possible outcomes that could vary between users.

Further information on this exploit is available at : CVE-2017-11786

Affected Software

Microsoft Lync 2013 (32-bit) SP1
Microsoft Lync 2013 (64-bit) SP1
Microsoft Skype for Business 2016 (32-bit)
Microsoft Skype for Business 2016 (64-bit)