Microsoft Lync Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Lync Server.
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Lync Server. Lync Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.85 |
| 2021 | 4 | 6.68 |
| 2020 | 1 | 0.00 |
| 2019 | 3 | 6.10 |
It may take a day or so for new Lync Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Lync Server Security Vulnerabilities
Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2022-33633
7.2 - High
- July 12, 2022
Skype for Business and Lync Remote Code Execution Vulnerability
Skype for Business Information Disclosure Vulnerability
CVE-2022-26911
6.5 - Medium
- April 15, 2022
Skype for Business Information Disclosure Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2021-26422
7.2 - High
- May 11, 2021
Skype for Business and Lync Remote Code Execution Vulnerability
Skype for Business and Lync Spoofing Vulnerability
CVE-2021-26421
6.5 - Medium
- May 11, 2021
Skype for Business and Lync Spoofing Vulnerability
Skype for Business and Lync Spoofing Vulnerability
CVE-2021-24073
6.5 - Medium
- February 25, 2021
Skype for Business and Lync Spoofing Vulnerability
Skype for Business and Lync Denial of Service Vulnerability
CVE-2021-24099
6.5 - Medium
- February 25, 2021
Skype for Business and Lync Denial of Service Vulnerability
Jul 2020: Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025
- July 14, 2020
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Sep 2019:
CVE-2019-1209
- September 11, 2019
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
Jun 2019: Skype for Business and Lync Server Denial of Service Vulnerability
CVE-2019-1029
- June 12, 2019
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. To exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time. The update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory.
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request
CVE-2019-0798
6.1 - Medium
- April 09, 2019
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Lync Server or by Microsoft? Click the Watch button to subscribe.
