vulnerability

Microsoft CVE-2017-11786: Skype for Business Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Oct 10, 2017	Oct 10, 2017	Aug 22, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Oct 10, 2017

Added

Oct 10, 2017

Modified

Aug 22, 2019

Description

An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests.
An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take any action that the user had permissions for, causing possible outcomes that could vary between users.
To exploit the vulnerability, an attacker could invite a user to an instant message session while using a malicious profile image.
The security update addresses the vulnerability by correcting how Skype for Business handles authentication requests.

Solutions

msft-kb4011179-1077aa5d-2a43-4b06-b77a-791f4abb5a2bmsft-kb4011179-8049c431-1a19-47b0-bc57-a69aab360b7c

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today