CVE-2018-8238
First published: Wed Jul 11 2018(Updated: )
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Lync | =2013-sp1 | |
| Microsoft Skype for Business | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8238?
CVE-2018-8238 is a security feature bypass vulnerability in Skype for Business and Lync.
What software is affected by CVE-2018-8238?
Microsoft Lync 2013 SP1 and Microsoft Skype for Business 2016 are affected by CVE-2018-8238.
What is the severity of CVE-2018-8238?
CVE-2018-8238 has a severity rating of 7.8 (critical).
How can I fix CVE-2018-8238?
Install the latest security updates and patches provided by Microsoft to fix CVE-2018-8238.
Are there any additional references to CVE-2018-8238?
For more information about CVE-2018-8238, you can refer to the following links: [1] http://www.securityfocus.com/bid/104619, [2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/references
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft lync
- version/microsoft lync/2013-sp1
- canonical/microsoft skype for business
- version/microsoft skype for business/2016