PT-2014-1675 · Microsoft · Lync Server

Peter Schraffl · Published 2014-09-09 · Updated 2018-10-12 · CVE-2014-4068

CVSS v2.0

5.0

Medium

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Lync Server versions 2010 through 2013

Description

The issue allows an attacker to cause a denial of service, resulting in a system hang, by sending a crafted call. This is due to improper exception handling in the Response Group Service in Microsoft Lync Server 2010 and 2013, and the Core Components in Lync Server 2013.

Recommendations

For Microsoft Lync Server 2010, update to a version that properly handles exceptions to prevent the denial of service. For Microsoft Lync Server 2013, update the Core Components to a version that correctly handles exceptions, preventing the system hang. As a temporary workaround, consider restricting access to the Response Group Service to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-00611
CVE-2014-4068

Affected Products

Lync Server