Microsoft Skype For Business
Recent Microsoft Skype For Business Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | February 13, 2024 |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | October 10, 2023 |
| CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | October 10, 2023 |
| CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | July 12, 2022 |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | April 12, 2022 |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | April 12, 2022 |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | May 11, 2021 |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | May 11, 2021 |
By the Year
In 2024 there have been 1 vulnerability in Microsoft Skype For Business with an average score of 7.8 out of ten. Skype For Business did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.20 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
| 2019 | 3 | 5.77 |
| 2018 | 3 | 7.50 |
It may take a day or so for new Skype For Business vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Skype For Business Security Vulnerabilities
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2022-33633
7.2 - High
- July 12, 2022
Skype for Business and Lync Remote Code Execution Vulnerability
<p>An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation
CVE-2020-1025
9.8 - Critical
- July 14, 2020
<p>An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.</p> <p>To exploit this vulnerability, an attacker would need to modify the token.</p> <p>The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.</p>
Improper Input Validation
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request
CVE-2019-1490
5.4 - Medium
- December 10, 2019
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
Injection
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters
CVE-2019-1084
6.5 - Medium
- July 15, 2019
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Information Disclosure
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request
CVE-2019-0624
5.4 - Medium
- January 17, 2019
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
XSS
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability
CVE-2018-8546
5.9 - Medium
- November 14, 2018
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared
CVE-2018-8238
7.8 - High
- July 11, 2018
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content
CVE-2018-8311
8.8 - High
- July 11, 2018
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
Improper Input Validation
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
CVE-2017-0073
4.3 - Medium
- March 17, 2017
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
Information Disclosure
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
CVE-2017-0060
5.5 - Medium
- March 17, 2017
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Skype For Business Basic or by Microsoft? Click the Watch button to subscribe.
