By my reading it’s been 5 months since our last security update to the Office 2013-based Lync/SfB client, and this one takes us from 15.0.4903.1001 to 15.0.4911.1000. It’s listed as Critical as there’s the risk of remote code execution.
Kb 4013075 “This security update resolves vulnerabilities in the Microsoft Graphics Component on Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. These vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
To learn more about the vulnerability, see Microsoft Security Bulletin MS17-013.”
This security update also contains fixes for the following nonsecurity issues:
- Kb 4013150 EWS connection issue after migrating mailbox to Exchange Online Dedicated vNext in Skype for Business 2015 (Lync 2013)
- Kb 4013149 Update to support dedicated URLs of Black Forest and ITAR in Skype for Business 2015 (Lync 2013)
What’s New / Changed
There are no changes here from recent updates, so if you’re already current you only need the patch itself, below under “Download”. If however your patching isn’t to current, then you’ll need to check you have *all* of these pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Outlook 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).
|Update for Office 2013 (KB3054853) (NOTE 1 BELOW)||1.0||9 June 2015|
|LyncHelpLoc (Kb3039776)||1.0||1 December 2015|
|Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427)||1.0||13 February 2014|
This is the client fix itself:
I have all the pre-req’s already installed, so a reboot was not required. I was however running Outlook 2013 at the time and I was prompted to exit it, to which I duly complied.
Before / After
|SfB 15.0.4903.1000 MSO 15.0.4893.1000||SfB 15.0.4911.1000 MSO 15.0.4893.1000|
15th March 2017: This is the initial post.