CVE-2017-11786
First published: Fri Oct 13 2017(Updated: )
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Lync | =2013-sp1 | |
| Microsoft Skype for Business | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/microsoft
- canonical/microsoft lync
- version/microsoft lync/2013-sp1
- canonical/microsoft skype for business
- version/microsoft skype for business/2016