The vulnerability of Skype for Business and Microsoft Lync messaging programs, related to deficiencies in access control, allows attackers to steal authentication hash codes.

🗓️ 23 Nov 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Access control flaw in Skype for Business and Lync allows theft and reuse of authentication hash codes via a crafted profile.

Reporter	Title	Published	Views	Family All 16
CNVD	Microsoft Skype for Business Elevation of Privilege Vulnerability	11 Oct 201700:00	–	cnvd
CVE	CVE-2017-11786	13 Oct 201713:00	–	cve
Cvelist	CVE-2017-11786	13 Oct 201713:00	–	cvelist
Microsoft KB	Description of the security update for Skype for Business 2016: October 10, 2017	10 Oct 201707:00	–	mskb
Microsoft KB	Security update 2017-10-10	10 Oct 201707:00	–	mskb
Kaspersky	KLA11113 Multiple vulnerabilities in Microsoft Office	10 Oct 201700:00	–	kaspersky
Microsoft CVE	Skype for Business Elevation of Privilege Vulnerability	10 Oct 201707:00	–	mscve
myhack58	Microsoft windows October release of the 62 flaws vulnerability bug patch, and repair of the National researchers submitted the 0-day flaw vulnerability bug-vulnerability warning-the black bar safety net	12 Oct 201700:00	–	myhack58
NVD	CVE-2017-11786	13 Oct 201713:29	–	nvd
OpenVAS	Microsoft Lync 2013 Service Pack 1 Elevation of Privilege Vulnerability (KB4011179)	11 Oct 201700:00	–	openvas

Vulners

Node

microsoft skype_for_businessMatch2016

Source	Link
securityfocus	www.securityfocus.com/bid/101156
securitytracker	www.securitytracker.com/id/1039530
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 38.8

CVSS 29.3

EPSS0.11493

Skype for Business Microsoft Lync access control authentication hash crafted user profile