Jul 2020: Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025 Published on July 14, 2020
Microsoft Office Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Products Associated with CVE-2020-1025
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1025 are published in these products:
Affected Versions
Microsoft Skype for Business Server 2019 CU2:- Version 7.0.0 and below publication is affected.
- Version 2015 CU 8 and below publication is affected.
- Before publication is affected.
- Version 16.0.0 and below publication is affected.
- Version 16.0.0 and below publication is affected.
- Version 15.0.0 and below publication is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.