MS13-041: Vulnerability in Lync could allow remote code execution: May 14, 2013

INTRODUCTION
Microsoft has released security bulletin MS13-041. To view the complete security bulletin, visit the following Microsoft website: 

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Known issues with this security update

Each security update that is addressed in this bulletin requires that the latest publicly released cumulative update for the affected software is installed before you apply the update. If you install an update through Microsoft Update, the appropriate cumulative update will be automatically installed together with the security update.

However, if you plan to apply an update manually by downloading it from the Microsoft Download Center, be aware that the Lync Server Update Installer on the Microsoft Download Center page automatically installs previous cumulative updates (CU) for all Lync Servers. See the following table for product-specific links for obtaining the cumulative updates for manual installations.

| Affected Software | Download Page for Latest Cumulative Update |
|---|---|
| Microsoft Office Communicator 2007 R2 (2827753) | Updates Resource Center for Office Communications Server 2007 R2 and Clients |
| Microsoft Lync 2010 (32-bit) (2827750) | Updates resource center for Lync 2010 |
| Microsoft Lync 2010 (64-bit) (2827750) | Updates resource center for Lync 2010 |
| Microsoft Lync 2010 Attendee (admin level install) (2827752) | Updates resource center for Lync 2010 |
| Microsoft Lync 2010 Attendee (user level install) | Updates resource center for Lync 2010 |
| Microsoft Lync Server 2013 (2827754) | Updates resource center for Lync Server 2013 |

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2827750 MS13-041: Description of the security update for Lync 2010: May 14, 2013

    Known issues in security update 2827750:
    • When you install an update for Lync 2010, you are not prompted to close the application (Lync 2010). All ongoing conversations and conferences will be stopped in order to install the update successfully. The user must manually start Lync 2010 after the installation procedure is complete.
  • 2827751 MS13-041: Description of the security update for Lync 2010 Attendee (user level install): May 14, 2013 
  • 2827752 MS13-041: Description of the security update for Lync 2010 Attendee (Administrator level installation): May 14, 2013
  • 2827753 MS13-041: Description of the security update for Office Communicator 2007 R2: May 14, 2013 
  • 2827754 MS13-041: Description of the security update for Lync 2013 Web Access: May 14, 2013 

File hash information

Properties

Article ID: 2834695 - Last Review: 05/14/2013 17:13:00 - Revision: 1.0

Microsoft Lync 2013, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Office Communicator 2007 R2
