Skype For Business Microsoft Skype For Business

Do you want an email whenever new security vulnerabilities are reported in Microsoft Skype For Business?

Recent Microsoft Skype For Business Security Advisories

Advisory Title Published
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability July 12, 2022
CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability April 12, 2022
CVE-2022-26911 Skype for Business Information Disclosure Vulnerability April 12, 2022
CVE-2021-26421 Skype for Business and Lync Spoofing Vulnerability May 11, 2021
CVE-2021-26422 Skype for Business and Lync Remote Code Execution Vulnerability May 11, 2021

By the Year

In 2022 there have been 1 vulnerability in Microsoft Skype For Business with an average score of 7.2 out of ten. Skype For Business did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 1 7.20
2021 0 0.00
2020 1 9.80
2019 3 5.77
2018 3 7.50

It may take a day or so for new Skype For Business vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Skype For Business Security Vulnerabilities

Skype for Business and Lync Remote Code Execution Vulnerability.

CVE-2022-33633 7.2 - High - July 12, 2022

Skype for Business and Lync Remote Code Execution Vulnerability.

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation

CVE-2020-1025 9.8 - Critical - July 14, 2020

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.

Improper Privilege Management

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request

CVE-2019-1490 5.4 - Medium - December 10, 2019

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

Injection

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters

CVE-2019-1084 6.5 - Medium - July 15, 2019

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

Information Disclosure

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request

CVE-2019-0624 5.4 - Medium - January 17, 2019

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

XSS

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability

CVE-2018-8546 5.9 - Medium - November 14, 2018

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared

CVE-2018-8238 7.8 - High - July 11, 2018

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content

CVE-2018-8311 8.8 - High - July 11, 2018

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Skype For Business or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe