SynopsisThe Microsoft Lync Server installation on the remote host is missing a security update.
DescriptionThe Microsoft Lync Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :
- An information disclosure vulnerability exists in Lync 2013. An attacker who exploited it could read arbitrary files on the victim's machine. To exploit the vulnerability, an attacker needs to instantiate a conference and modify the meeting link with malicious content and send the link to a victim. (CVE-2019-1209)
SolutionMicrosoft has released KB4515509 to address this issue.