CVE-2024-20695

Summary

CVE-2024-20695 is a newly disclosed vulnerability in Microsoft Skype for Business that allows an attacker to disclose information. By sending a specially crafted message, an attacker can force the application to reveal sensitive data, potentially including user credentials or confidential business information. This issue poses a significant risk, as it can be exploited through common communication channels with no user interaction required. Microsoft has released a patch to address this vulnerability, and it is strongly recommended that organizations apply the update as soon as possible to protect their systems. Successful exploitation of this vulnerability could lead to serious consequences, including data theft and unauthorized access to protected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.