This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.
This security update is rated Important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013. For more information, see the Affected and Non-Affected Software section.
The security update addresses the vulnerabilities by correcting the way Lync Server sanitizes user input and by correcting the way Lync Server handles exceptions and null dereferences. For more information about these vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.
More information in Microsoft Security Bulletin MS14-055