This is just a quick post explaining a risk that has been indentified with Lync 2013 Server CU released in July 2015. An issue has been indentified with this CU “MS15-104: Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege”
This security update resolves vulnerabilities in Skype for Business and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-104.