First published: Tue Jul 14 2020
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Lync | =2013 | |
Microsoft SharePoint Enterprise Server | =2016 | |
Microsoft SharePoint Foundation | =2013-sp1 | |
Microsoft SharePoint Server | =2019 | |
Microsoft Skype for Business | =2015-cumulative_update_8 | |
Microsoft Skype for Business | =2019-cumulative_update_2 | |
CVE-2020-1025 is an elevation of privilege vulnerability that exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation.
Microsoft Lync 2013, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 SP1, Microsoft SharePoint Server 2019, Microsoft Skype for Business 2015 Cumulative Update 8, and Microsoft Skype for Business 2019 Cumulative Update 2 are affected by CVE-2020-1025.
CVE-2020-1025 has a severity rating of critical with a score of 9.8.
To fix CVE-2020-1025, users should apply the necessary security updates provided by Microsoft.
You can find more information about CVE-2020-1025 on the Microsoft Security Guidance advisory page: [link](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025)