Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0088
Skype for Business and Lync Security Updates
14 June 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Skype for Business and Lync
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-8527 CVE-2017-0283
Member content until: Friday, July 14 2017
OVERVIEW
Microsoft has released its monthly security patch update for the
month of June 2017 for Skype for Business and Lync. [1]
This update resolves 2 vulnerabilities across the following
products:
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
IMPACT
Microsoft has given the following details regarding these
vulnerabilities:
Details Impact Severity
CVE-2017-0283 Remote Code Execution Critical
CVE-2017-8527 Remote Code Execution Critical
MITIGATION
Microsoft recommends updating the software with the version
made available on the Microsoft Update Cataloge for the following
Knowledge Base articles. [1]
KB3191939
KB3203382
KB4020732
KB4020733
KB4020734
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWUCfIIx+lLeg9Ub1AQgpKw/+NFPNrZb7GfoKWFi/IfPuFpeZT5/JQDPz
l/knZnBZlNn4wufhSva1v/ByO3zr4PiKEszVLo9Mytkm+jmMuY73xH4Fc/zCZ4TL
1b8EIzBpfUZSJ2xOXGMmHoPoy3gUl1YkFwP1hxDPyahfn254hOiwSsSr8Mbw4Mdy
KmHZW05DqKYsdrSenzQHTxKmxr93iSoHcfAHPTg643laOaThJbnU/+yw4iUQO0q5
vYkoYh5COx7ZxIK5YSLXJVwweotkHsG2lPIkprCL8U8pZqA1rPjB2VnWSqgfYx3D
Lb+oYzV6voppKU82lxM234XOaMQql1uP03Hm7yWL0LjdbifzN/YBfOUCamvNJr9n
gnuCJZGHcMCLNQ9DozLSt2xwTojVIEa1RjgPx8RO9xaLRxCiLquh2kPeGsfB8maa
h2LSyNr4mI73D4tPXOns+i1Z6XX5DoZaI57WrAm5d1WbaQ5FVzYEB79rQxXEDN1T
VYMAXwUkMS121Iwv4CFEOA/Y+Ji7N/Q7WSbv2XbQGCoe0VhxgqUm3s4+WAeyp1Gd
yrAhuVzDbp6+/FP6e3rSX3oGc8P64nWmiKoUksi9yxpho/Jf9Z+0mdMQ5F9lvciL
ClAa+ARLn6QLfUuHzYsPQyFMEjT6HnBnVh8Yxs5PYE2fxwrsRb6fJnZ4YE2PtTJq
FsiutoY86Mo=
=0xRC
-----END PGP SIGNATURE-----