Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Avoid the “Kittens of Doom” Emoji Attack, patch your Skype for Business client ...

0
0

Avoid the “Kittens of Doom” Emoji Attack, patch your Skype for Business client ...

A denial of service vulnerability exists in Skype for Business clients. If the attacker sends you a huge amount of emojis, e.g. cute kittens. Depending on the actual amount of kitten emojis, you might notice a short lag in your application (starting with 100 emojis). When receiving about 800 kittens at once, your Skype for Business client will stop responding for a few seconds. If a sender continues sending emojis your Skype for Business client will not be usable until the attack ends.

Note that the denial of service would not allow an attacker to execute code or to elevate the attacker’s user rights. So the issue is more of an annoyance than a real risk. Attackers would also be easily traced and blocked since everything is TLS.

There is already an update for click to run and MSI

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546

Further information:

https://threatpost.com/emoji-attack-can-kill-skype-for-business-chat/139186/

https://nvd.nist.gov/vuln/detail/CVE-2018-8546

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546

https://www.sec-consult.com/en/blog/2018/11/kitten-of-doom-patch-skype-for-business-immediately-cve-2018-8546/


Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles





Latest Images