vulnerability

Microsoft Office: CVE-2017-11786: Skype for Business Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Oct 13, 2017	Jun 20, 2023	Jun 20, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Oct 13, 2017

Added

Jun 20, 2023

Modified

Jun 20, 2023

Description

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Solution

microsoft-skype_for_business_2016-kb4011159

References

BID-101156
CVE-2017-11786
https://attackerkb.com/topics/CVE-2017-11786
URL-https://support.microsoft.com/help/4011159

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today