Check Point Advisories

Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)

Vulnerability
Protection

Check Point Reference:	CPAI-2015-1404
Date Published:	15 Dec 2015
Severity:	High
Last Updated:	Thursday 17 December, 2015
Source:	Microsoft MS15-123
Industry Reference:	CVE-2015-6061
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?	Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Lync 2013 (Skype for Business) Microsoft Lync Basic 2013 (Skype for Business Basic) Skype for Business 2016 Skype for Business Basic 2016
Vulnerability Description	A security bypass vulnerability exists in Skype for Business and Lync Servers. The vulnerability is due to improper sanitizing of specially crafted content. A remote attacker could trigger this flaw by convincing a victim to open an instant message session and then send that user a message containing specially crafted JavaScript content.
Update/Patch Avaliable	Apply patches from: MS15-123

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)