diff --git a/src/main/java/de/thm/arsnova/controller/QuestionByLecturerController.java b/src/main/java/de/thm/arsnova/controller/QuestionByLecturerController.java
index 15416422a5cdb604993750313bf0054242897a18..ca5785b40ef8efd30f100874605e8cd879c1749e 100644
--- a/src/main/java/de/thm/arsnova/controller/QuestionByLecturerController.java
+++ b/src/main/java/de/thm/arsnova/controller/QuestionByLecturerController.java
@@ -80,34 +80,14 @@ public class QuestionByLecturerController extends AbstractController {
 		throw new BadRequestException();
 	}
 
-	@RequestMapping(
-			value = "/question/bylecturer/{questionId}", 
-			method = RequestMethod.PUT
-			)
+	@RequestMapping(value = "/{questionId}", method = RequestMethod.PUT)
 	@ResponseBody
 	public final void updateQuestion(
 			@PathVariable final String questionId,
 			@RequestBody final Question question,
 			final HttpServletResponse response
 	) {
-		throw new NoContentException();
-		
-		/* TODO: Not yet implemented! The following code has been copy-and-pasted from postQuestion */
-		/*
-		if (!sessionkey.equals(question.getSession())) {
-			response.setStatus(HttpStatus.PRECONDITION_FAILED.value());
-			return null;
-		}
-
-		if (questionService.saveQuestion(question) != null) {
-			response.setStatus(HttpStatus.CREATED.value());
-			return question;
-		}
-
-		response.setStatus(HttpStatus.BAD_REQUEST.value());
-		
-		return null;
-		*/
+		this.questionService.update(question);
 	}
 
 	@RequestMapping(value = "/{questionId}/publish", method = RequestMethod.POST)
diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index 51244007764c7ba6f0272061cee87ee42a3029f7..d3d519f556497c2fc2dff83fa20a9a141579c01e 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -109,7 +109,7 @@ public class QuestionService implements IQuestionService {
 		if (question == null) {
 			throw new NotFoundException();
 		}
-		
+
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(question.getSessionKeyword());
 		if (user == null || session == null || !session.isCreator(user)) {
@@ -117,7 +117,6 @@ public class QuestionService implements IQuestionService {
 		}
 		databaseDao.deleteQuestion(question);
 	}
-	
 
 	@Override
 	@Authenticated
@@ -126,7 +125,7 @@ public class QuestionService implements IQuestionService {
 		if (question == null) {
 			throw new NotFoundException();
 		}
-		
+
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(question.getSessionKeyword());
 		if (user == null || session == null || !session.isCreator(user)) {
@@ -222,7 +221,17 @@ public class QuestionService implements IQuestionService {
 	}
 
 	@Override
+	@Authenticated
 	public void update(Question question) {
+		if (databaseDao.getQuestion(question.get_id()) == null) {
+			throw new NotFoundException();
+		}
+
+		User user = userService.getCurrentUser();
+		Session session = databaseDao.getSession(question.getSessionKeyword());
+		if (user == null || session == null || !session.isCreator(user)) {
+			throw new UnauthorizedException();
+		}
 		this.databaseDao.updateQuestion(question);
 	}
 }