Lync 2013 / SfB 2015 Client Security Update – August 2016

This week’s security update takes the Office 2013-based Lync/SfB client from 15.0.4841.1000 to 15.0.4849.1000. It’s listed as Critical as there’s the risk of remote code execution.

Kb3115431 “MS16-097: Description of the security update for Lync 2013 (Skype for Business): August 9, 2016. This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business that could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.

To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-097. For a complete list of affected software, see Microsoft Knowledge Base article 3177393.”

What’s Fixed

This security update contains fixes for the following security issue:

  • A security vulnerability exists in Skype for Business 2015 … that could allow arbitrary code to run when a maliciously modified file is opened

This security update contains fixes for the following nonsecurity issues:

  • Kb3179659 “No Matches” is displayed incorrectly in partial-name-search in Lync 2013 (Skype for Business)
  • Kb3183215 A blank window appears if you join a meeting without audio devices in Lync 2013 (Skype for Business)
  • Kb3179658 Anonymous meeting join fails in Lync 2013 (Skype for Business)

What’s New / Changed

Nothing documented.

Known Issues

None documented.

Pre-Req’s

There are no changes here from recent updates, so if you’re already current you only need the patch itself, below under “Download”. If however your patching isn’t to current, then you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).

Update

Download

Current Version

Released

Update for Office 2013 (KB3054853) (NOTE 1 BELOW) 1.0 9 June 2015
LyncHelpLoc (Kb3039776) 1.0 1 December 2015
Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) 1.0 13 February 2014

 

NOTE1: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”

Download

This is the client fix itself:

  • x86 (lync2013-kb3115431-fullfile-x86-glb.exe)
  • x64 (lync2013-kb3115431-fullfile-x64-glb.exe)

Reboot

I have all the pre-req’s already installed, so a reboot was not required. I was however running Outlook 2013 at the time and I was prompted to exit it, to which I duly complied.

Before / After

Before

After

SfB 15.0.4841.1000 MSO 15.0.4841.1000 SfB 15.0.4849.1000 MSO 15.0.4841.1000
AugustUpdate-Before AugustUpdate-After

 

Revision History

10th August 2016: This is the initial post.

 

– G.

Leave a Reply

Your email address will not be published. Required fields are marked *

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.