Peter Schraffl

**Name of the Vulnerable Software and Affected Versions** Microsoft Lync Server versions 2010 through 2013 **Description** The issue allows an attacker to cause a denial of service, resulting in a system hang, by sending a crafted call. This is due to improper exception handling in the Response Group Service in Microsoft Lync Server 2010 and 2013, and the Core Components in Lync Server 2013. **Recommendations** For Microsoft Lync Server 2010, update to a version that properly handles exceptions to prevent the denial of service. For Microsoft Lync Server 2013, update the Core Components to a version that correctly handles exceptions, preventing the system hang. As a temporary workaround, consider restricting access to the Response Group Service to minimize the risk of exploitation.