Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.