Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Microsoft Lync Server 2010 does not correctly reject the SUBSCRIBE request that is received when the value of the ms-source-verified-user parameter is unverified. Therefore, the Lync Server 2010 server cannot prevent spam instant message (SPIM) attacks that come from public IM clients, such as Windows Live Messenger, AOL, or Yahoo. Additionally, the public IM client users can verify the presence status, and send an instant message to Office Communicator 2007 R2 users.

Cause

This issue occurs because Lync Server 2010 calls the EdgeHeaderProcessor::ProcessInboundServerMessageNonEP() function when there is a message that contains an ms-edge-proxy-message-trust header. This function does not call the CSIPMessage::SetComputedUserValidation() function.

Note Office Communications Server 2007 R2 uses the CEPHeaderProcessor::ProcessIncomingMessage() function instead. This function calls the CSIPMessage::SetComputedUserValidation() function.

Resolution

To resolve this issue, install the following cumulative update:

2592292 Description of the cumulative update for Lync Server 2010: August 2011

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×