New Search

Skype for Business Elevation of Privilege Vulnerability – CVE-2017-11786

oval:org.cisecurity:def:3460

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere due to how Skype for Business handles authentication requests aka "Skype for Business Elevation of Privilege Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
Class:
vulnerability
Reference(s):
  • CVE-2017-11786
Product(s):
  • Microsoft Lync 2013
  • Skype for Business 2016