Lync / SfB 2013 Client Security Update – May 2015

As part of “Patch Tuesday” this month (which naturally occurs in Australia on a Wednesday) we have a Security Update for the Lync 2013 (aka Skype for Business) Client:

  • MS15-044 Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110).
  • Kb3039779 Description of the security update for Lync 2013 (Skype for Business): May 12, 2015.

What’s Fixed?

This security update provides improvements that are described in the following article:

  • Kb3064068 May 12, 2015, security update for Skype for Business (Lync 2013) changes text strings in Outlook add-in

This security update resolves non-security issues that are described in the following articles:

  • Kb3057563 Outgoing calls are disconnected in Skype for Business or Lync 2013 when you press the Spacebar or the Enter key
  • Kb3057559 Skype for Business or Lync 2013 client certificates do not begin to renew within the correct time before they expire
  • Kb3057558 User interface is misaligned in tabbed conversation that is created after an RCC user ends a call in Skype for Business
  • Kb3057556 “An error occurred during this screen presentation” error occurs in application sharing conference in Skype for Business
  • Kb3057551 Cannot paste an image into an instant message in Skype for Business when you copy the image from Internet Explorer
  • Kb3057550 Update enables users to copy instant messages without author name and time stamp in Skype for Business (Lync 2013)
  • Kb3057549 The “Allow with URL” feature does not work in a client policy for Skype for Business in a Lync Server 2013 environment
  • Kb3057548 Buttons are not displayed on sharing toolbar when you use full screen in a sharing session in Skype for Business
  • Kb3057546 Lync 2013 does not show AD DS user’s display name in the toast notification of the first incoming PSTN call
  • Kb3057545 HYPERLINK “<URL>” is displayed as a prefix of a pasted text in Notepad when you copy the text from Skype for Business
  • Kb3057518 Presence status of a contact isn’t updated in your Skype for Business after the contact disconnects from network
  • Kb3057517 Contact card appears when you click a URL that contains the “@” character in a received message in Skype for Business
  • Kb3057516 Skype contacts can see your presence status after you remove them from contact list in Skype for Business
  • Kb3054008 CPU usage increases largely when you have multiple animated emoticons in conversations in Skype for Business
  • Kb3051517 Receiver cannot open or save transferred files in a chat room in Skype for Business

What’s New?

Several things! Check out the Before / After images below for the visual comparisons

  • Like many I’ve long been annoyed that when you scrape text from an IM it always passed to the clipboard including the sender’s name and date-stamp. Now you have the option (Cog / Options / IM) to *only* capture the raw text
  • As presumably a concession to user-confusion from the re-brand, the “join” text in a Lync / Skype for Business meeting now adds “previously known as…”. (See the image).

BTW, just in case you’ve been hiding under a rock this last month, know that this update ALSO includes the Skype for Business client interface. Released last month this makes a range of changes including new sounds and program naming, as well as the optional Skype UI. All future updates to the Lync 2013 client are going to incorporate this functionality, just as each update includes all previously released fixes. I’ve covered it here.

Known Issues

From the KB: After you install this security update, you may experience the issues that are described in the following Microsoft Knowledge Base articles:

  • Kb3051158 “Help isn’t working” error occurs when you open the “Skype for Business Help” window in Skype for Business
  • Kb3051516 “Copy” and “Select All” menu items are disabled for the first instant message in a conversation in Skype for Business
  • Kb3053114 Cannot open links without the “http://” prefix and the links that are to a OneNote page in Skype for Business
  • Kb3051160 Cannot join meetings by using Lync 2010 after you install OneDrive for Business
  • Kb3053998 Memory leak occurs when you transfer a file that is larger than 5 megabytes (MB) in a conversation in Skype for Business
  • Kb3063382 Non-English localized strings are not updated in Outlook after you apply security update 3039779 for Skype for Business
  • Kb3063390 Arabic text is not right-to-left aligned in meeting invitation body when you create a Skype for Business online meeting

Pre-Req’s

Update

Download

Current Version

Released

Office 2013 (KB3039700) 1.0 4 May 2015
Office 2013 SP1 (KB2817430) 1.0 18 February 2014
LyncHelpLoc (kb2889853) 1.0 13 March 2015
LyncLoc (kb2863908) 1.0 7 March 2014

 

Download

This is the client fix itself:

  • x86 (lyncmso2013-kb3039779-fullfile-x86-glb.exe)
  • x64 (lyncmso2013-kb3039779-fullfile-x64-glb.exe)

Reboot?

Alas yes – but only after installing the new MSO pre-req (KB3039700).

Before / After

Before

After

SfB 15.0.4711.1002 MSO 15.0.4711.1000 SfB 15.0.4719.1000 MSO 15.0.4719.1000
SfbClientMay2015SecurityUpdate-Before SfbClientMay2015SecurityUpdate-After
SfbClientMay2015SecurityUpdate-Before-IM-edit SfbClientMay2015SecurityUpdate-After-IM-edit3
SfbClientMay2015SecurityUpdate-Before-Join-Edit2 SfbClientMay2015SecurityUpdate-After-Join-Edit2

Revision History

13th May: This is the initial post

16th May: Added images, pre-req’s & “what’s new” – with thanks to Tom Arbuthnot & Simon Gardner via Twitter for the ‘new’ content

 

– G.

One Comment

  1. We upgraded from Lync 2013 straight to the May 12 version of Skype For Business. The update, with or without the new UI, changes the behavior of conferences. Previously, when you merged a call into a conference on hold, you were connected directly back to the conference. Now, the call you merge into the conference is like a blind transfer – the other parties are connected but you are disconnected, and you must join the call again.

    This has made using a VVX phone connected via BToE very difficult.

Leave a Reply

Your email address will not be published.

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.