HomeWinBuzzer NewsSkype for Business Kitten of Doom Attack Leverages Emojis to Crash App

Skype for Business Kitten of Doom Attack Leverages Emojis to Crash App

A new Skype for Business attack called Kitten of Doom was fixed by Microsoft last week but may affect users who have not updated.


is facing a denial of service (DoS) flaw to contend with in . The DoS has been discovered by security researchers and is triggered by batch numbers of emojis without the communication platform. The flaw has been called the Kitten of Doom attack, and there's good reason for that.

SEC Consult Vulnerability Lab uncovered the vulnerability and Microsoft has since coded it as CVE-2018-8546. Unfortunately, this flaw is filed under “major problem”, not least because SEC says it is very easy to implement.

Indeed, all an attacker needs to do is start spamming a Skype for Business account with hundreds of emojis. This will make the Skype account useless, essentially crashing the app.

To test the theory, SEC conducted a proof-of-concept (PoC). Using the cute kitten emoji (hence the Kitten of Doom moniker), the team spammed 100 emojis to start. This was enough to cause the Skype for Business app to lag.

Adding more and more emojis resulted in the app becoming increasingly slow. SEC says 800 was the magic number of kittens to get the app to crash:

“Your Skype for Business client will stop responding for a few seconds,” the firm said, in a post this week. “If a sender continues sending emojis, your Skype for Business client will not be usable until the attack ends.”

The vector for attack is also very easy. Bad actors send a single invite for the target user to join a meeting or make direct message contact. It is worth noting that 800 Kitten of Doom emojis do not freeze the app on all versions.

Pranks and Fix

While the attack is simple, there is one significant positive here. Namely, there is no malicious content, so this attack seems to be solely to be used as a prank. So, it will be frustrating for users as it will make their app crash, but the affects should not be lasting.

It is also worth pointing out that Microsoft sent out a fix for the bug with last week's Patch Tuesday cumulative updates.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News