KLA10657
Multiple vulnerabilities in Microsoft communication services
Updated: 05/22/2020
Detect date
?
09/08/2015
Severity
?
Warning
Description

Improper content sanitization at jQuery engine and other vectors were found in Lync Server and Skype for Business Server. By exploiting these vulnerabilities malicious users can gain privileges or obtain sensitive information. These vulnerabilities can be exploited remotely via a specially designed web content. Clients connected to affected servers are also affected.

Affected products

Lync Server 2013
Skype for Business Server 2015

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-2536
CVE-2015-2531
CVE-2015-2532

Impacts
?
OSI 
[?]

PE 
[?]
Related products
Microsoft Lync Server
CVE-IDS
?
CVE-2015-25364.3Warning
CVE-2015-25314.3Warning
CVE-2015-25324.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3089952
3080353
3061064