I mentioned this in this post: http://microsofttouch.fr/default/b/christophe/archive/2014/09/05/microsoft-lync-server-2013-bulletin-de-s-233-curit-233-septembre-2014.aspx
Microsoft has just published a security bulletin covering both Lync Server 2010 and 2013: Microsoft Security Bulletin MS14-055
KB: https://support.microsoft.com/kb/2990928
Description:
This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.
This security update is rated Important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013. For more information, see the Affected and Non-Affected Software section.
The security update addresses the vulnerabilities by correcting the way Lync Server sanitizes user input and by correcting the way Lync Server handles exceptions and null dereferences. For more information about these vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.
Affected versions:
Download links:
Lync 2010 server (to 4.0.7577.276): http://www.microsoft.com/en-us/download/details.aspx?id=44080
Lync 2013 server (to 5.0.8308.803): http://www.microsoft.com/en-us/download/details.aspx?id=44084
Lync 2013 client: http://support.microsoft.com/kb/2889860