Endpoint Vulnerability

Microsoft Skype for Business Denial of Service Vulnerability

Description

A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. For an attack to be successful, this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business. The security update addresses the vulnerability by correcting how Skype for Business handles emojis.

Affected Products

Microsoft Lync 2013 Service Pack 1 (32-bit),Skype for Business 2016 (32-bit),Skype for Business 2016 Basic (32-bit),Microsoft Lync 2013 Service Pack 1 (64-bit),Microsoft Lync Basic 2013 Service Pack 1 (32-bit),Microsoft Office 2019 for 64-bit editions,Skype for Business 2016 Basic (64-bit),Microsoft Office 2019 for 32-bit editions,Office 365 ProPlus for 32-bit Systems,Skype for Business 2016 (64-bit)

References

CVE-2018-8546,