General Information
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Lync. The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.
This security update is rated Important for Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2010 Attendant (32-bit), and Microsoft Lync 2010 Attendant (64-bit). For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by correcting how specially crafted True Type Font files are handled, correcting the manner in which Microsoft Lync loads external libraries, and modifying the way that SafeHTML function sanitizes HTML content. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Affected Software
- Microsoft Communicator 2007 R2 (KB2708980)
- Microsoft Lync 2010 (32-bit) (KB2693282)
- Microsoft Lync 2010 (64-bit) (KB2693282)
- Microsoft Lync 2010 Attendee (admin level install) (KB2696031)
- Microsoft Lync 2010 Attendee (user level install) (KB2693283)
- Microsoft Lync 2010 Attendant (32-bit) (KB2702444)
- Microsoft Lync 2010 Attendant (64-bit) (KB2702444)
Software Not Affected
- Microsoft Speech Server 2004
- Microsoft Speech Server 2004 R2
- Microsoft Live Meeting 2007 Console
- Microsoft Live Communications Server 2003
- Microsoft Live Communications Server 2005 Service Pack 1
- Microsoft Communicator 2005
- Microsoft Communicator 2005 Web Access
- Microsoft Communicator 2007
- Microsoft Communicator 2007 Web Access
- Microsoft Communications Server 2007
- Microsoft Communications Server 2007 Speech Server
- Microsoft Communications Server 2007 R2
- Microsoft Communicator 2007 R2 Attendant
- Microsoft Communicator 2007 R2 Group Chat Admin
- Microsoft Communicator 2007 R2 Group Chat Client
- Microsoft Communicator for Mac 2011
- Microsoft Lync for Mac 2011
- Microsoft Lync Server 2010
- Microsoft Lync Server 2010 Software Development Kit
More info & Downloads here:
http://technet.microsoft.com/en-us/security/Bulletin/MS12-039
