Thursday, November 07, 2013

Zero Day Attacks on Lync 2013 Client?

News today of some new vulnerabilities in certain version of Lync, The Microsoft disclosure page on these attacks at https://technet.microsoft.com/en-us/security/advisory/2896666, and were described by ZD at: http://www.zdnet.com/zero-day-attacks-hit-windows-office-lync-7000022836.

The first version of the ZD article seemed to imply that Lync was suffering Zero Day attack, but it was later amended to say that in the wild attacks have only been seen, SO FAR, against Microsoft office. These vulnerabilities ‘only’ allows remote code execution but that’s enough to really mess up someone’s day, to say the least.

Microsoft’s disclosure page includes details on workarounds (to mitigate against the attacks) and a ‘Fix It’ link to automate these. I’ve not yet seen hot fixes to resolve the problem, but will be anxiously looking for them and plan to implement them quickly!

Technorati Tags: ,

No comments: