It’s barely out the gate and we already have an update for the Office 2016-based Skype for Business desktop client app, although this one just appears to be a catch-up, adding the fix for last month’s remote code execution risk into the new client.
Kb2910994: MS15-097: Description of the security update for Microsoft Lync 2013 (Skype for Business): September 8, 2015: “This security update resolves vulnerabilities in Microsoft Lync 2013. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-097.”
My client machine’s currently at 16.0.4266.1003, and this update purports to take it to 16.0.4288.1000, although as you’ll see in the Before/After section below, apparently “there are no products affected by this package installed on this system”. I’m running the full msi-based install of Office 2016, so I’m guessing this fixup might only apply to the click-to-run version.
This security update also contains fixes for the following nonsecurity issues:
- Invalid speech signal level when you convert a stereo microphone array to monaural. This results in noise or a full echo.
- When you try to start the co-edit option from sharing, you receive the following error message: “Operating system is not presently configured to run this application.”
- No mirrors occur when you open Skype Meeting in Microsoft Outlook for some languages.
- The co-author option doesn’t work.
- All instances of “co-edit” are renamed “co-author.”
- Nothing yet(?).
There are no known issues documented that are specific to this update, however Mark Vale has found no shortage of ‘quirks’ in this new client:
- Skype for Business – 2016 Client Still Cannot Transfer Calls Properly
- Skype for Business – Office 2016 Client Address Book Download Failure
- Skype for Business – Office 2016 Unable to Verify Calendar Owner & Other Funnies
Wow: “There are no prerequisites to install this security update.” We don’t see that too often, huh?
This is the client fix itself:
N/A – see below.
Before / After
I’m running the msi-based install of Office 2016, so I’m guessing this fixup might only apply to the click-to-run version.
|SfB 2016 MSO (16.0.4266.1003)||??|
6th October. This is the initial post.