Microsoft Lync Server Remote Denial Of Service Vulnerabilities

Summary

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka ‘Lync Denial of Service Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft Lync Server 2010 and 2013

Immune Systems:
 * Microsoft Lync Server 2010 and 2013

Microsoft Lync Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition.

CVE Information:
CVE-2014-4068

Disclosure Timeline:
Original release date: 09/09/2014
Last revised: 09/10/2014

Categories: Windows