Executive Summary

A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. For an attack to be successful, this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business. The security update addresses the vulnerability by correcting how Skype for Business handles emojis.

Overview

Low
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Denial of Service
Released Nov 13 2018
Last Updated Nov 13 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

12 affected products
Product KB Article Severity Impact Restart Required
Microsoft Lync 2013 Service Pack 1 (32-bit) 4461487 (Security Update) Low Denial of Service Maybe
Microsoft Lync 2013 Service Pack 1 (64-bit) 4461487 (Security Update) Low Denial of Service Maybe
Microsoft Lync Basic 2013 Service Pack 1 (32-bit) 4461487 (Security Update) Low Denial of Service Maybe
Microsoft Lync Basic 2013 Service Pack 1 (64-bit) 4461487 (Security Update) Low Denial of Service Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Low Denial of Service No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Low Denial of Service No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Low Denial of Service No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Low Denial of Service No
Skype for Business 2016 (32-bit) 4461473 (Security Update) Low Denial of Service Maybe
Skype for Business 2016 (64-bit) 4461473 (Security Update) Low Denial of Service Maybe
Skype for Business 2016 Basic (32-bit) 4461473 (Security Update) Low Denial of Service Maybe
Skype for Business 2016 Basic (64-bit) 4461473 (Security Update) Low Denial of Service Maybe

Patches

3 patches
Article Type Restart
4461487 Security Update Maybe
Click to Run Security Update No
4461473 Security Update Maybe

Known Exploits

Acknowledgments