Microsoft Lync
Recent Microsoft Lync Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | July 12, 2022 |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | April 12, 2022 |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | May 11, 2021 |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | May 11, 2021 |
By the Year
In 2023 there have been 0 vulnerabilities in Microsoft Lync . Lync did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
| 2019 | 2 | 6.50 |
| 2018 | 3 | 7.50 |
It may take a day or so for new Lync vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Lync Security Vulnerabilities
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation
CVE-2020-1025
9.8 - Critical
- July 14, 2020
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.
Improper Privilege Management
An information disclosure vulnerability exists in Lync 2013
CVE-2019-1209
6.5 - Medium
- September 11, 2019
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
Information Disclosure
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters
CVE-2019-1084
6.5 - Medium
- July 15, 2019
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Information Disclosure
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability
CVE-2018-8546
5.9 - Medium
- November 14, 2018
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared
CVE-2018-8238
7.8 - High
- July 11, 2018
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content
CVE-2018-8311
8.8 - High
- July 11, 2018
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
Improper Input Validation
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks
CVE-2012-1858
- June 12, 2012
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Lync or by Microsoft? Click the Watch button to subscribe.
