Lync 2013 / SfB 2015 Client Security Update – June 2017

It’s been 3 months since our last security update to the Office 2013-based Lync/SfB client, and five weeks since this one. Today we go from 15.0.4927.1000 to 15.0.4933.1000. It addresses a risk of remote code execution.

Kb 3191939: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.

What’s Fixed

This security update [also] contains improvements and fixes:

  • Kb 4023594 Can’t upload a file in a persistent chat room by selecting the “send” button in Skype for Business 2015 (Lync 2013)
  • Kb 4023595 Skype for Business 2015 (Lync 2013) crashes when you sign in to the client
  • Kb 4023597 Update to join a conference meeting without an audio device in Skype for Business 2015 (Lync 2013)

What’s New / Changed

Nothing documented.

Known Issues

None documented.

Pre-Req’s

It’s been a big year for pre-req updates, and we have yet another today!

If your patching isn’t to current you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).

Update

Download

Current Version

Released

Update for Office 2013 (KB3054853) (NOTE 1 BELOW) 1.0 9 June 2015
LyncHelpLoc (kb3191937) 1.0 22 May 2017
Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) 1.0 13 February 2014

 

NOTE1: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”

Download

This is the client fix itself:

  • x86 (lync2013-kb3191939-fullfile-x86-glb.exe)
  • x64 (lync2013-kb3191939-fullfile-x64-glb.exe)

Reboot

I have all the pre-req’s already installed, so a reboot was not required.

Before / After

Before

After

SfB 15.0.4927.1000 MSO 15.0.4719.1000 SfB 15.0.4933.1000 MSO 15.0.4719.1000
Before-15.0.4933.1000 After-15.0.4933.1000

 

Revision History

15th June 2017: This is the initial post.

 

– G.

One Comment

  1. Hi Greig,
    We are on version 4927 and 4933 and we just moved from Lync 2013 365 to Lync 2013 on premise but at reconnection of some clients they receive the famous DNS error popup (There might be an issue with the domain name system (dns) configuration for your domain). Some clients don’t have this and can connect.
    We tried some things, checked server records and all is ok. We did some tests by installing all windows 7 updates (200) and it’s ok now (not the office updates). How to check which update was needed?
    Is there something required for the client? Or a windows update that updates the TLS/SSL?

Leave a Reply

Your email address will not be published. Required fields are marked *

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.