CVE-2017-11786
First published: Fri Oct 13 2017(Updated: )
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Lync Server | =2013-sp1 | |
| Microsoft Skype for Business | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11786?
CVE-2017-11786 is rated as important, emphasizing the potential impact on authentication security.
How do I fix CVE-2017-11786?
To mitigate CVE-2017-11786, update to the latest version of Microsoft Lync 2013 SP1 or Skype for Business 2016.
What types of systems are affected by CVE-2017-11786?
CVE-2017-11786 affects Microsoft Lync 2013 SP1 and Skype for Business 2016.
What does CVE-2017-11786 exploit?
CVE-2017-11786 exploits the way Skype for Business handles authentication requests, potentially allowing an attacker to steal an authentication hash.
Is CVE-2017-11786 a remote vulnerability?
CVE-2017-11786 can be exploited remotely, making it critical to apply security updates promptly.
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- vendor/microsoft
- canonical/microsoft lync server
- version/microsoft lync server/2013-sp1
- canonical/microsoft skype for business
- version/microsoft skype for business/2016