CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
91.4%
Improper content sanitization at jQuery engine and other vectors were found in Lync Server and Skype for Business Server. By exploiting these vulnerabilities malicious users can gain privileges or obtain sensitive information. These vulnerabilities can be exploited remotely via a specially designed web content. Clients connected to affected servers are also affected.
CVE-2015-2536 warning
CVE-2015-2531 warning
CVE-2015-2532 warning
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/3061064
support.microsoft.com/kb/3080353
support.microsoft.com/kb/3089952
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2531
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2532
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2536
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Lync-Server/