Lync 2013 / SfB 2015 Client Security Update – December 2015

This week’s security update takes the Office 2013-based Lync/SfB client from 15.0.4771.1001 to 15.0.4779.1001.

Kb3114351 "MS15-128: Description of the security update for Lync 2013 (Skype for Business): December 8, 2015

This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-128.

For a complete list of affected software, see Microsoft Knowledge Base article 3104503".

What’s Fixed

This security update fixes the following non-security-related issues:

  • When you are in a public switched telephone network (PSTN) call, and you open a Conversation Window Extension (CWE), the call option controls are covered by the CWE without any way to access the controls without closing the CWE.
  • Lync client doesn’t show all the fonts if the computer has more than 1,000 fonts.
  • Kb3114328 "You need to install the April 14, 2015 update" error message is displayed when you start Lync 2013
  • Kb3112863 Lync 2013 (Skype for Business) sends corporate error reporting (CER) data after every PC-to-PC and conference call
  • Kb3112864 Media setup may fail and all media diagnostics information is missing in Lync 2013 (Skype for Business)
  • Kb3114326 A hyperlink that is copied from Internet Explorer can’t be pasted into Lync 2013 (Skype for Business)
  • Kb3114325 Response Group Service group member notification is displayed frequently in Lync 2013 (Skype for Business)
  • Kb3112796 Adds a new GPO to control which proxy setting is used when both PAC and manual proxy are used in Skype for Business
  • Kb3101548 Attendees can’t see the shared desktop when they join an online meeting as anonymous users in Lync 2013

What’s New / Changed

This security update contains the following improvements:

  • Adds Cloud-based Discovery
  • Uses SSO to autodetect SIP address and start sign in

Known Issues

None documented.

Pre-Req’s

I’ve highlighted the one new/updated pre-req here – the new version of “lynchelploc”.

A few people have found their recent updates haven’t delivered as expected. Don’t forget *all* of the pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).

Update

Download

Current Version

Released

Update for Office 2013 (KB3054853) (NOTE 1 BELOW) 1.0 9 June 2015
LyncHelpLoc (Kb3039776) 1.0 1 December 2015
Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) 1.0 13 February 2014

NOTE1: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”

Download

This is the client fix itself:

  • x86 (lync2013-kb3114351-fullfile-x86-glb.exe)
  • x64 (lync2013-kb3114351-fullfile-x64-glb.exe)

Reboot

I have all the pre-req’s already installed, so a reboot was not required. I was however running Outlook 2013 at the time and I was prompted to exit it, to which I duly complied.

Before / After

Before

After

SfB 15.0.4771.1001 MSO 15.0.4771.1001 SfB 15.0.4779.1001 MSO 15.0.4771.1001
Lync2013Dec2015ClientSecurityUpdate-Before Lync2013Dec2015ClientSecurityUpdate-After

 

Revision History

9th December 2015: This is the initial post

 

– G.

2 Comments

  1. Thanks for the update description, i have a question.

    Where do i need to start with to update my Lync 2013 client to the latest?
    Should i install CU17 and the latest security updates or only the update from december?

    hope to hear from you.
    Kr.

Leave a Reply

Your email address will not be published.

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.