Microsoft Skype For Business

stack.watch can notify you when security vulnerabilities are reported in Microsoft Skype For Business. You can add multiple products that you use with Skype For Business to create your own personal software stack watcher.

By the Year

In 2020 there has been 1 vulnerability in Microsoft Skype For Business with an average score of 9.8 out of ten. Last year Skype For Business had 3 security vulnerabilities published. Right now, Skype For Business is on track to have fewer security vulnerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 4.03.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2020 | 1               | 9.80          |
| 2019 | 3               | 5.77          |
| 2018 | 3               | 7.50          |

It may take a day or so for new Skype For Business vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Skype For Business Security Vulnerabilities

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation

CVE-2020-1025 9.8 - Critical - July 14, 2020

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.

CVE-2020-1025 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

Improper Privilege Management

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request

CVE-2019-1490 5.4 - Medium - December 10, 2019

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

CVE-2019-1490 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Downstream Injection

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters

CVE-2019-1084 6.5 - Medium - July 15, 2019

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients. This vulnerability is also known as 'Microsoft Exchange Information Disclosure Vulnerability'.

CVE-2019-1084 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request

CVE-2019-0624 5.4 - Medium - January 17, 2019

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

CVE-2019-0624 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability"

CVE-2018-8546 5.9 - Medium - November 14, 2018

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

CVE-2018-8546 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content

CVE-2018-8311 8.8 - High - July 11, 2018

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

CVE-2018-8311 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared

CVE-2018-8238 7.8 - High - July 11, 2018

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

CVE-2018-8238 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.