Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.