Security update Microsoft Security Bulletin MS12-039 resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Lync. The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.

This security update is rated Important for Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2010 Attendant (32-bit), and Microsoft Lync 2010 Attendant (64-bit). For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by correcting how specially crafted True Type Font files are handled, correcting the manner in which Microsoft Lync loads external libraries, and modifying the way that SafeHTML function sanitizes HTML content. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Author: NextHop

Publication date: June 12, 2012

Product version: Microsoft Communicator 2007 R2, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2010 Attendant

Visit Microsoft Security Bulletin MS12-039 for details and recommendations.

Lync Server Resources

We Want to Hear from You