Microsoft Skype For Business
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Skype For Business.
Recent Microsoft Skype For Business Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | February 13, 2024 |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | October 10, 2023 |
| CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | July 12, 2022 |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | April 12, 2022 |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | April 12, 2022 |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | May 11, 2021 |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | May 11, 2021 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Skype For Business. Skype For Business did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 6.75 |
| 2023 | 3 | 7.20 |
| 2022 | 1 | 7.20 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
| 2019 | 3 | 5.40 |
| 2018 | 3 | 5.90 |
It may take a day or so for new Skype For Business vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Skype For Business Security Vulnerabilities
Microsoft Office RCE via Office Component
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Skype for Business Info Disclosure via Unauth Access
CVE-2024-20695
5.7 - Medium
- February 13, 2024
Skype for Business Information Disclosure Vulnerability
Microsoft Skype for Business RCE Vulnerability
CVE-2023-36789
7.2 - High
- October 10, 2023
Skype for Business Remote Code Execution Vulnerability
Skype for Business RCE via malicious content
CVE-2023-36786
7.2 - High
- October 10, 2023
Skype for Business Remote Code Execution Vulnerability
Skype for Business RCE Exploit CVE-2023-36780
CVE-2023-36780
7.2 - High
- October 10, 2023
Skype for Business Remote Code Execution Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2022-33633
7.2 - High
- July 12, 2022
Skype for Business and Lync Remote Code Execution Vulnerability
Jul 2020: Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025
- July 14, 2020
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request
CVE-2019-1490
5.4 - Medium
- December 10, 2019
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
Injection
Jul 2019:
CVE-2019-1084
- July 15, 2019
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request
CVE-2019-0624
5.4 - Medium
- January 17, 2019
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
XSS
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability
CVE-2018-8546
5.9 - Medium
- November 14, 2018
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
Jul 2018:
CVE-2018-8238
- July 11, 2018
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
Jul 2018:
CVE-2018-8311
- July 11, 2018
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
CVE-2017-0073
4.3 - Medium
- March 17, 2017
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
Information Disclosure
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
CVE-2017-0060
5.5 - Medium
- March 17, 2017
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Skype For Business or by Microsoft? Click the Watch button to subscribe.
