5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.9 Medium
AI Score
Confidence
High
0.846 High
EPSS
Percentile
98.5%
Multiple serious vulnerabilities have been found in Microsoft Lync Server. Malicious users can exploit these vulnerabilities to inject arbitrary code or cause denial of service.
Below is a complete list of vulnerabilities
CVE-2014-4071 critical
CVE-2014-4070 warning
CVE-2014-1823 warning
CVE-2014-4068 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
support.microsoft.com/kb/2963286
support.microsoft.com/kb/2963288
support.microsoft.com/kb/2969258
support.microsoft.com/kb/2982385
support.microsoft.com/kb/2982388
support.microsoft.com/kb/2982389
support.microsoft.com/kb/2982390
support.microsoft.com/kb/2986072
support.microsoft.com/kb/2990928
support.microsoft.com/kb/2992965
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1823
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4068
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4070
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4071
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Lync-Server/