High severity8.8NVD Advisory· Published Oct 13, 2017· Updated May 13, 2026

CVE-2017-11786

Description

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Affected products

Microsoft/Lync
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
Microsoft/Skype For Business
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
Microsoft Corporation/Skype for Businessv5
Range: Microsoft Lync 2013 SP1 and Skype for Business 2016

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786nvdPatchVendor Advisory
www.securityfocus.com/bid/101156nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039530nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000