Microsoft Skype for Business and Lync CVE-2018-8238 Security Bypass Vulnerability

Summary

Microsoft Lync 2013 SP1 and Skype for Business 2016 are products of Microsoft in the us. Microsoft Lync (formerly Microsoft Office Communicator) 2013 SP1 is the new generation of enterprise integrated communication platform released. Skype for Business 2016 is an integrated communication platform for enterprises.

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka Skype for Business and Lync Security Feature Bypass Vulnerability. This affects Skype, Microsoft Lync.

Solution

The manufacturer has released the vulnerability repair program, please timely pay attention to the update:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238