It’s been 3 months since our last security update to the Office 2013-based Lync/SfB client, and five weeks since this one. Today we go from 15.0.4927.1000 to 15.0.4933.1000. It addresses a risk of remote code execution.
Kb 3191939: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.
This security update [also] contains improvements and fixes:
- Kb 4023594 Can’t upload a file in a persistent chat room by selecting the “send” button in Skype for Business 2015 (Lync 2013)
- Kb 4023595 Skype for Business 2015 (Lync 2013) crashes when you sign in to the client
- Kb 4023597 Update to join a conference meeting without an audio device in Skype for Business 2015 (Lync 2013)
What’s New / Changed
It’s been a big year for pre-req updates, and we have yet another today!
If your patching isn’t to current you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).
|Update for Office 2013 (KB3054853) (NOTE 1 BELOW)||1.0||9 June 2015|
|LyncHelpLoc (kb3191937)||1.0||22 May 2017|
|Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427)||1.0||13 February 2014|
This is the client fix itself:
I have all the pre-req’s already installed, so a reboot was not required.
Before / After
|SfB 15.0.4927.1000 MSO 15.0.4719.1000||SfB 15.0.4933.1000 MSO 15.0.4719.1000|
15th June 2017: This is the initial post.