This week’s security update takes the Office 2013-based Lync/SfB client from 15.0.4805.1000 to 15.0.4809.1000.
Kb3114944 “MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016.
This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-039.
For a complete list of affected software, see Microsoft Knowledge Base article 3148522“.
This security update contains fixes for the following security issue:
- 3153357 Buffer may overrun when you use Lync 2013 or Skype for Business
This security update also contains fixes for the following nonsecurity issues:
- 3153356 Can’t join a Lync online’s audio/video meeting in Skype for Business that has a proxy server set
What’s New / Changed
There are no changes here from recent updates, so if you’re already current you only need the patch itself, below under “Download”.
If however your patching isn’t to current, then you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).
|Update for Office 2013 (KB3054853) (NOTE 1 BELOW)||1.0||9 June 2015|
|LyncHelpLoc (Kb3039776)||1.0||1 December 2015|
|Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427)||1.0||13 February 2014|
This is the client fix itself:
I have all the pre-req’s already installed, so a reboot was not required. I was however running Outlook 2013 at the time and I was prompted to exit it, to which I duly complied.
Before / After
|SfB 15.0.4805.1000 MSO 15.0.4815.1000||SfB 15.0.4809.1000 MSO 15.0.4815.1000|
16th April 2016: This is the initial post
11th June 2016: Corrected download links