Lync 2013 / SfB 2015 Client Security Update – November 2015

This week’s security update takes the Office 2013-based Lync/SfB client from 15.0.4763.1001 to 15.0.4771.1001.

Kb3101496: “MS15-116 and MS15-123: Description of the security update for Lync 2013 (Skype for Business): November 10, 2015

This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts. Or, these vulnerabilities could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content.

To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-116 and Microsoft Security Bulletin MS15-123.

Note After you apply this security update, you may see a popup window that states that a website wants to open web content in protected mode in Internet Explorer. See Updates to change the way that Internet Explorer interacts with features in Microsoft Office applications for more information.

What’s Fixed

This security update fixes the following non-security-related issues:

  • Kb3085626 Sent emoticons are displayed differently in instant messages between Lync 2010 or 2013 and Skype for Business clients
  • Kb3085629 Large conversations in Lync 2013 (Skype for Business) are lost in the Conversation History folder in Outlook
  • Kb3085630 Skype for Business client crashes when you search for a contact in the Skype Directory tab
  • Kb3085631 No phone numbers are displayed for a user whose photo is disabled in the contact list in Lync 2013 (Skype for Business)
  • Kb3085632 The Current Conversations option is missing when you do a consultative transfer in Lync 2013
  • Kb3085633 Call button is unavailable (grayed out) for a meeting organizer in Lync 2013 (Skype for Business)
  • Kb3087562 Registry key isn’t honored when you customize the title name of user interface in Skype for Business
  • Kb3101307 Lync 2013 (Skype for Business) users can’t save meeting contents to a redirected folder that’s in Offline mode

What’s New / Changed

Nothing known yet.

Known Issues

None documented.

Pre-Req’s

A few people have found their recent updates haven’t delivered as expected. Don’t forget *all* of the pre-req’s. The Office 2013 SP1 requirement still applies if you’re using Office 2010. (Lync 2013 in all of its flavours – e.g. Lync Basic – is still a component of Office 2013).

Update

Download

Current Version

Released

Office 2013 SP1 (KB2817430(NOTE 1 BELOW) 1.0 18 February 2014
Update for Office 2013 (KB3054853) (NOTE 2 BELOW) 1.0 9 June 2015
LyncHelpLoc (kb2889853) 1.0 13 April 2015
Microsoft Office 2013 Language Pack Service Pack 1 (KB2817427) 1.0 13 February 2014

NOTE1: “Before you install this update, you must install Microsoft Office 2013 Service Pack 1 (KB2817430)”.

NOTE2: “You do not have to apply update KB3054853 if you applied the April 14, 2015, update (KB2889923) or the May 12, 2015, security update (KB3039779) for Lync 2013 (Skype for Business)”.

Download

This is the client fix itself:

  • x86 (lync2013-kb3101496-fullfile-x86-glb.exe)
  • x64 (lync2013-kb3101496-fullfile-x64-glb.exe)

Reboot

I have all the pre-req’s already installed, so a reboot was not required. The further behind your current client version is, the greater the likelihood you’ll need to reboot. Note that I installed the update having exited Lync & Outlook first.

Before / After

Before

After

SfB 15.0.4763.1001 MSO 15.0.4763.1000 SfB 15.0.4771.1001 MSO 15.0.4763.1000
Lync2013ClientNov2015SecurityUpdate-Before Lync2013ClientNov2015SecurityUpdate-After

 

Revision History

15th November 2015: This is the initial post

 

– G.

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.