This week’s security update also covers the Office 2016 client for SfB.
Kb3114372: “MS15-128: Description of the security update for Skype for Business 2016: December 8, 2015
This security update resolves vulnerabilities in Skype for Business 2016 that could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-128.
For a complete list of affected software, see Microsoft Knowledge Base article 3104503.”
This security update also contains fixes for the following nonsecurity issues:
- Kb3114303 App sharing sessions fails in Skype for Business 2016 when the transport thread is busy
- Kb3114299 Media setup may fail and all media diagnostics information is missing in Skype for Business 2016
What’s New / Changed
This security update contains the following improvement:
- Renames the “Add-Ins” string to the “Add-ins” string for consistency.
This is the client fix itself:
Before / After
I’m running the Professional Plus ISO-based install of Office 2016 and the patch was deemed not applicable:
9th December 2015: This is the initial post
“I’m running the Professional Plus ISO-based install of Office 2016 and the patch was deemed not applicable”
How is this possible, that a security/bugfix patch is not applicable to some kind of client installation, even if indeed the installed client is older than the patch?
Is it not applicable to Sfb2016 Basic client as well?
Just to followup myself, the update INDEED is applicable (at least in theory) to Sfb2016 basic, but for some reason it also rejects to install it on my machine.
Strange huh? I’ve been meaning to load the C2R version on a machine here just to test against.