SfB 2016 Client Security Update – October 2015

It’s barely out the gate and we already have an update for the Office 2016-based Skype for Business desktop client app, although this one just appears to be a catch-up, adding the fix for last month’s remote code execution risk into the new client.

Kb2910994: MS15-097: Description of the security update for Microsoft Lync 2013 (Skype for Business): September 8, 2015: “This security update resolves vulnerabilities in Microsoft Lync 2013. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-097.”

My client machine’s currently at 16.0.4266.1003, and this update purports to take it to 16.0.4288.1000, although as you’ll see in the Before/After section below, apparently “there are no products affected by this package installed on this system”. I’m running the full msi-based install of Office 2016, so I’m guessing this fixup might only apply to the click-to-run version.

What’s Fixed?

This security update also contains fixes for the following nonsecurity issues:

  • Invalid speech signal level when you convert a stereo microphone array to monaural. This results in noise or a full echo.
  • When you try to start the co-edit option from sharing, you receive the following error message: “Operating system is not presently configured to run this application.”
  • No mirrors occur when you open Skype Meeting in Microsoft Outlook for some languages.
  • The co-author option doesn’t work.
  • All instances of “co-edit” are renamed “co-author.”

What’s New?

  • Nothing yet(?).

Known Issues

There are no known issues documented that are specific to this update, however Mark Vale has found no shortage of ‘quirks’ in this new client:

Ken Lasko and others have Tweeted of encountering some screen-sharing strangeness too.

Pre-Req’s

Wow: “There are no prerequisites to install this security update.” We don’t see that too often, huh?

Download

This is the client fix itself:

  • x86 (lync2016-kb2910994-fullfile-x86-glb.exe)
  • x64 (lync2016-kb2910994-fullfile-x64-glb.exe)

Reboot?

N/A – see below.

Before / After

I’m running the msi-based install of Office 2016, so I’m guessing this fixup might only apply to the click-to-run version.

Before

After

SfB 2016 MSO (16.0.4266.1003) ??
SfB2016-OctSecurityUpdate-Before NoProductsAffected

Revision History

6th October. This is the initial post.

 

– G.

Leave a Reply

Your email address will not be published.

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.