Skype for Business 2016 client critical exploit public available

The code mentions the Skype for Business 2016 client, but the base vulnerability affects also the Lync/Skype4b 2015 client:

  • Risksevere – exposes the user data
  • Exploit codes available here or here
    No user-interaction is required for the XSS to execute on the target machine. It will run regardless of whether or not they accept the message. The target only needs to be online.

Solution: apply asap the June 2017 update on the Skype4b 2016 or 2015 clients

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s