First published: Wed Jul 11 2018(Updated: )
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Lync | =2013-sp1 | |
Microsoft Skype for Business | =2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8238 is a security feature bypass vulnerability in Skype for Business and Lync.
Microsoft Lync 2013 SP1 and Microsoft Skype for Business 2016 are affected by CVE-2018-8238.
CVE-2018-8238 has a severity rating of 7.8 (critical).
Install the latest security updates and patches provided by Microsoft to fix CVE-2018-8238.
For more information about CVE-2018-8238, you can refer to the following links: [1] http://www.securityfocus.com/bid/104619, [2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238