(MS14-032) Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)

  Severity: HIGH
  CVE Identifier: CVE-2014-1823
  Advisory Date: JUN 11, 2014

  DESCRIPTION

This security update addresses a vulnerability found in Microsoft Lync Server that could allow information disclosure, which remote attackers may possibly use to launch other attacks. This can be exploited once users join a supposedly join Lync meeting via clicking specially crafted meeting URL.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Lync Server 2010
  • Microsoft Lync Server 2013