Description
Skype for Business Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests.
An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take any action that the user had permissions for, causing possible outcomes that could vary between users.
To exploit the vulnerability, an attacker could invite a user to an instant message session while using a malicious profile image.
The security update addresses the vulnerability by correcting how Skype for Business handles authentication requests.
Updates
Product | Article | Update |
---|---|---|
Microsoft Lync 2013 Service Pack 1 (32-bit) | | |
Microsoft Lync 2013 Service Pack 1 (64-bit) | | |
Skype for Business 2016 (32-bit) | | |
Skype for Business 2016 (64-bit) | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Related vulnerabilities
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
A vulnerability in the Skype for Business and Microsoft Lync instant messaging software, related to access control flaws, that allows an attacker to steal an authentication hash