Here we are boldly staring down Christmas again for another year, and I’ve just realised not one but TWO updates to the Office 2013-based Skype for Business client have snuck past me in recent months. (Well, at least I have a handy New Year’s Resolution up my sleeve now…)
The previous update was June, and this security update (Kb 4475519) took us from 15.0.5145.1000 to 15.0.5153.1001.
What’s Fixed
“This security update resolves an information disclosure vulnerability that exists if Microsoft Exchange allows entities to be created even though they have Display Names that contain non-printable characters. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1084“.
What’s New / Changed
Nothing documented.
Known Issues
Nothing documented.
Pre-Req’s
It’s all good if you’ve been diligent in your patching.
If however your patching isn’t to current you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).
Update |
Download |
Current Version |
Released |
| Update for Office 2013 (KB3054853) (NOTE 1 BELOW) | 1.0 | 9 June 2015 | |
| LyncHelpLoc (kb3191937) | 1.0 | 22 May 2017 | |
| Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) | 1.0 | 13 February 2014 |
NOTE1: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”
Download
This is the client fix itself:
Reboot
I have all the pre-req’s already installed, had exited the client before we started & was not prompted for a reboot.
Before / After
Before |
After |
| SfB 15.0.5145.1000 MSO 15.0.5172.1000 | SfB 15.0.5153.1001 MSO 15.0.5172.1000 |
 |
 |
Revision History
15th December 2019: This is the initial post.
– G.
