Summary
This security update resolves vulnerabilities in Microsoft Skype for Business Server. To learn more about these vulnerabilities, see the following security advisories:
-
Skype for Business Elevation of Privilege Vulnerability CVE-2023-41763
-
Skype for Business Remote Code Execution Vulnerability CVE-2023-36789
-
Skype for Business Remote Code Execution Vulnerability CVE-2023-36786
-
Skype for Business Remote Code Execution Vulnerability CVE-2023-36780
Note To apply this security update, you must have the release version of the following products installed:
-
Microsoft Skype for Business Server 2019
-
Microsoft Skype for Business Server 2015
Known issues in this update
In Skype for Business 2019 and 2015, the Debug-CsIntraPoolReplication cmdlet fails if you use the ConnectionUri parameter during a remote PowerShell session that was created by using an OcsPowerShell endpoint. For more information, see Debug-CsIntraPoolReplication fails using ConnectionUri in remote PowerShell with OcsPowerShell endpoint (KB5032556).
How to get and install the update
To get this update, install the following updates:
More information
Security update deployment information
For deployment information about this update, see Deployments - Security Update Guide.
How to get help and support for this security update
Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security