Le Cloud de Christophe BOUCETTA (MVP Lync/Skype for Business, CCNP Voice, CCNP Collaboration)

Voici le blog sur les communications unifiées

[Microsoft Lync Server 2013] Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)

Je l'avais évoqué dans ce post: http://microsofttouch.fr/default/b/christophe/archive/2014/09/05/microsoft-lync-server-2013-bulletin-de-s-233-curit-233-septembre-2014.aspx

Microsoft vient de publier un bulletin de sécurité concernant aussi bien Lync Serveur 2010 que 2013: Microsoft Security Bulletin MS14-055

KB: https://support.microsoft.com/kb/2990928

Description:

This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.

This security update is rated Important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013. For more information, see the Affected and Non-Affected Software section.

The security update addresses the vulnerabilities by correcting the way Lync Server sanitizes user input and by correcting the way Lync Server handles exceptions and null dereferences. For more information about these vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.

Versions concernées:

Lien téléchargement:

Lync 2010 server (to 4.0.7577.276): http://www.microsoft.com/en-us/download/details.aspx?id=44080

Lync 2013 server (to 5.0.8308.803): http://www.microsoft.com/en-us/download/details.aspx?id=44084

Lync 2013 client: http://support.microsoft.com/kb/2889860

Facebook Like
Anonymous