Lync Server 2013 Security Update – September 2015

This month’s security update touches just about everything in my world it seems. Here are the relevant links for Lync Server 2013:

MS15-104: Description of the security update for Microsoft Lync Server 2013: September 8, 2015

This security update resolves vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-104.

This update takes the server from 5.0.8308.920 to 5.0.8308.927 – although there are only two components affected.

What’s Fixed?

Nothing apparent just yet.

SfB 2015 Server Security Update – September 2015

This month’s security update touches just about everything in my world it seems, and of course Skype for Business 2015 Server is no exception:

Kb3089952: Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege: September 8, 2015

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-104.

This update takes the server from 6.0.9319.55 to 6.0.9319.72 – although there are only three components affected.

What’s Fixed?

This cumulative update resolves an issue (KB3095143) in which Windows 10 users who use Edge can’t join a meeting from Skype for Business Web App.

Lync 2013 / SfB 2015 Client Security Update – September 2015

This month we have another security update – and this time it includes some fixes and new/changed functionality!

Kb3085500: MS15-097: Description of the security update for Microsoft Lync 2013 (Skype for Business): September 8, 2015:

“This security update resolves vulnerabilities in Microsoft Lync 2013. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-097.”

What’s Fixed?

  • Kb3088665 Adds an AllowSavePassword Group Policy setting to remove the Save Password check box in Skype for Business or Lync 2013
  • Kb3088668 Non-ASCII characters are removed from search box in Skype for Business or Lync 2013
  • Kb3088667 “c0000005” error occurs and Skype for Business or Lync 2013 crashes when you upload a file to a persistent chat room
  • Kb3088669 Your phone numbers disappear when you expand a distribution group in contact list in Skype for Business or Lync 2013
  • Kb3088664 The “Copy” and “Select All” options are disabled for the first instant message in Skype for Business or Lync 2013
  • Kb3088660 Skype for Business or Lync 2013 SDK provides the same window handle value for different PSTN conversation windows
  • Kb3088671 The updated address book can’t be downloaded in Skype for Business or Lync 2013
  • Kb3088670 Call transfer doesn’t transfer a call to the contact that you select in Skype for Business or Lync 2013

What’s New?

  • Kb3088666 Update changes the text label from “Skype call” to “Skype for Business call” in Skype for Business or Lync 2013

[Screenshots: the call label before and after the update]

(I’ve only captured one appearance, but you’ll find this change has been made throughout the client).

Lync 2010 Client Security Update – August 2015

Being two releases behind, Lync 2010 doesn’t get much of a look-in around here these days, but I shouldn’t neglect referencing the latest Security Update:

Kb3075593: MS15-080: Description of the security update for Lync 2010: August 11, 2015

“This security update resolves vulnerabilities in Microsoft Lync 2010. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType or OpenType fonts. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-080”.

This update takes the Lync 2010 client to 4.0.7577.4476.

Download

This is the client fix itself:

  • x86 (Lync.msp)
  • x64 (Lync.msp)

This is the updated version of the Lync 2010 Attendee software:

 

– G.

Lync 2013 / SfB 2015 Client Security Update – August 2015

I have a little secret to share: I get a quiet delight out of seeing news of a security update for Lync/SfB. Don’t get me wrong, I certainly don’t enjoy reading of potential vulnerabilities in the product; what I do enjoy is knowing that each security update includes all of the fixes they’d coded into the product since the last ‘official’ update, and so my clients and I get the benefit of the fixes before they were otherwise going to see the light of day…

And so it is that we have an August update to the Lync 2013 / Skype for Business 2015 client:

Kb3055014: Description of the security update for Microsoft Lync 2013 (Skype for Business): August 11, 2015

“This security update resolves vulnerabilities in Microsoft Lync 2013. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType or OpenType fonts. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-080”.

What’s Fixed?

As if to spite me – perhaps as payback for my opening line – there are no documented fixes at this stage, beyond those of the security update itself.

What’s New?

kb3080519: Adds a policy setting from in-band provisioning to disable media traffic over IPv6 in Skype for Business or Lync 2013. (See my more detailed post here).

Sonus Third Party Presence

Hot off the press (as of July 2015) is v5 of Sonus’ SBC 1k/2k firmware, and its “Third Party Presence” feature.

I covered the new features in my last post, but wanted to particularly highlight this one as it’s quite ground-breaking.

I think the potential for this is vast: *any* call that’s going through the SBC can set a user’s presence:

  • A user who’s still on your PABX, only using SfB/Lync for IMs can still be showing as “in a call” when they’re on their PABX phone. (Yes, there’s possibly some overlap with SfB’s Call Via Work feature here – but this works on Lync 2013 as well!)
  • A remote user – perhaps an executive – calls in from their home phone – they’ll show as “in a call”
  • If you want to monitor calls to/from a given country, area code, partner organisation or even an individual, set the presence for a dummy user account you’re monitoring. (Awesome debugging tool or what?)
  • Want to know if there are any active calls to UM, SA or some other service?
  • See the presence each time the door intercom, paging trunk or boom gate is active

Sonus SBC 1k/2k v5 firmware

It’s not yet been 9 months since the last major upgrade to the Sonus SBC 1k/2k family. v4 came out late last year and I wrote of its benefits in early December, in particular the shedding of the Java requirement for the real-time monitor.

Now v5 has landed, and it’s perhaps as impressive a leap as last time, if not more so.

I’ve had a chance to peruse the documentation, trawl the XML backup file and take it for a spin. Here’s the official list, as well as some extras I thought worthy of special mention:

  • ASM Enhancements – The ASM now supports images based on Microsoft Windows Server 2012R2
  • Skype for Business – Sonus SBC 1000/2000 is now certified for Microsoft’s Skype for Business
  • Third Party Skype/Lync Presence – The Third Party Skype/Lync Presence feature enables the status of non-Lync endpoints to be communicated on behalf of Lync Clients
  • NTTCom Support – Several enhancements are now included for NTTCom certifications
  • NFS Storage – The Sonus 1000/2000 provides storage for the Sonus SBC 1000/2000’s internal files
  • NAT Traversal/NTP Latching – The NAT Traversal/NTP Latching feature enables SIP endpoints that are behind NAT routers to register and communicate with the Sonus SBC 1000/2000
  • Split DNS – The SBC1000/2000 can now be configured to use a Primary DNS Server, a Secondary DNS Server, and a Domain Specific DNS Server (Split-DNS) to resolve FQDNs
  • Direct Media – Direct Media support for SIP-to-SIP calls enables SIP Signaling to go through the SBC 1000/2000 without media being passed through the SBC
  • Connected Name Support – Connected Name is now supported in SIP and QSIG ISDN. The SIP Connected Name is derived from the To header
  • Packet Capture – Packet Capture is a new diagnostic feature in the Sonus SBC 1000/2000, which captures IP traffic to troubleshoot problems, such as SIP, AD, etc
  • Easy Configuration – The Sonus SBC 1000/2000 Web interface now includes a built-in step-by-step setup Easy Configuration wizard, which enables end-users to quickly deploy SBC1000/2000 within a couple of minutes
  • Auto Configuration with BroadSoft Web Services – Sonus SBC 1000/2000 now enables configuration and updating of SBC 1k/2k remotely from a BroadSoft Server, using SIP NOTIFY message
  • SIP Registration and Subscription WebUI – A new feature has been added to the Sonus SBC 1000/2000 to monitor selected SIP register and subscribe sessions
  • Initial Setup Enhancement – The Initial Setup Enhancement feature provides the ability to configure Ethernet 2 in the Initial Setup, along with Additional Routes apart from the Default Route in the Initial Setup Page
  • Alarm and Event History – The Alarm/Event History display provides diagnostics and troubleshooting capabilities for the Sonus SBC 1000/2000 by rendering the latest alarms/events in the system
  • Maximum Call Duration – A maximum call talk timer will force-clear a long-held call

SfB 2015 Topology Publish Failed

I was tinkering in the Lab recently creating a new Trusted App through PowerShell, and at the “Enable-CsTopology” step it failed with a less-than-helpful error:

Enable-CsTopology : Command execution failed: "1" error categories reported in topology document.
At line:1 char:1
+ Enable-CsTopology
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Enable-CsTopology], DeploymentException
    + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deployment.ActivateTopologyCmdlet

Lync 2013 / SfB 2015 Client Update – July 2015

The latest client update is out: the July 14, 2015, update for Lync 2013 (Skype for Business) (KB3054946).

This one takes the Office 2013-based Lync/SfB client from 15.0.4727.1001 to 15.0.4737.1001.

What’s Fixed

  • Kb3076504 CPU usage is reduced by emoticon animations that are active in multiple conversations in Skype for Business or Lync 2013
  • Kb3072756 Update UI to better display presence information in Skype for Business when calendar is set to out of office
  • Kb3072755 Chinese Contact Group name is displayed in garbled characters in Skype for Business or Lync 2013
  • Kb3072754 Update user interface for group contact counts in contact lists in Skype for Business or Lync 2013
  • Kb3072753 Active Directory contact’s name is changed to the phone number in the contact list of Skype for Business or Lync 2013
  • Kb3072752 Typed characters take a long time to display in the message input box in Skype for Business or Lync 2013
  • Kb3072751 Add the click-to-call feature for RCC-enabled users from the contact card in Skype for Business or Lync 2013
  • Kb3072750 Update changes the text label from participant code to Conference ID in Skype for Business or Lync 2013
