Lync 2013 / SfB 2015 Client Security Update – August 2015

I have a little secret to share: I get a quiet delight out of seeing news of a security update for Lync/SfB. Don’t get me wrong, I certainly don’t enjoy reading of potential vulnerabilities in the product; what I do enjoy is knowing that each security update includes all of the fixes they’d coded into the product since the last ‘official’ update, and so my clients and I get the benefit of the fixes before they were otherwise going to see the light of day…

And so it is that we have an August update to the Lync 2013 / Skype for Business 2015 client:

Kb3055014: Description of the security update for Microsoft Lync 2013 (Skype for Business): August 11, 2015

“This security update resolves vulnerabilities in Microsoft Lync 2013. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType or OpenType fonts. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-080”.

What’s Fixed?

As if to spite me – perhaps as payback for my opening line – there are no documented fixes at this stage, beyond those of the security update itself.

What’s New?

kb3080519: Adds a policy setting from in-band provisioning to disable media traffic over IPv6 in Skype for Business or Lync 2013. (See my more detailed post here).

Known Issues

There are no known issues documented.

Pre-Req’s

A few people have found their recent updates haven’t delivered as expected. Don’t forget *all* of the pre-req’s.

Dropped from this update is the previous requirement for Office 2013 SP1.

Update

Download

Current Version

Released

Update for Office 2013 (KB3054853)
(NOTE 1 BELOW)
1.0 9 June 2015
LyncHelpLoc (kb2889853) 1.0 13 April 2015
Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) 1.0 13 February 2014

NOTE1: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”.

Download

This is the client fix itself:

  • x86 (lync2013-kb3055014-fullfile-x86-glb.exe)
  • x64 (lync2013-kb3055014-fullfile-x64-glb.exe)

Reboot?

In my case, no. I recently updated to Windows 10 (in-place) and with all of the pre-req’s already in place I exited the client and ran the update. I was prompted to close Outlook – to which I complied – and the update completed with no need for a reboot.

Before / After

Before

After

SfB 15.0.4737.1000 MSO 15.0.4737.1001 SfB 15.0.4745.1000 MSO 15.0.4737.1001
Aug2015ClientSecurityUpdate-Before Aug2015ClientSecurityUpdate-After

Revision History

15th August. This is the initial post

16th October: Added the “what’s new: IPv6” kb.

Leave a Reply

Your email address will not be published. Required fields are marked *

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.