CVE-2024-38016: Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2024-43460: Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVE-2024-38183: GroupMe Elevation of Privilege Vulnerability

CVE-2024-8639: Chromium: CVE-2024-8639 Use after free in Autofill

CVE-2024-8638: Chromium: CVE-2024-8638 Type Confusion in V8

**How could an attacker exploit this vulnerability?**

An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.

Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.

This exploit would allow the attacker to execute arbitrary code on the server.

Headline

CVE-2023-36786: Skype for Business Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News