Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-104: Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege: September 8, 2015


View products that this article applies to.

Summary

This security update resolves vulnerabilities in Skype for Business and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-104.

↑ Back to the top


More information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.

↑ Back to the top


More Information

Security update deployment information

Microsoft Lync Server 2013

Reference table
The following table contains the security update information for this software.
Security update file nameFor Microsoft Lync Server 2013 (3080353):
WebComponents.msp
Installation switchesSee Microsoft Knowledge Base Article 197147
Restart requirementThis update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3080353 .
Registry key verificationFor Microsoft Lync Server 2013 (WebComponents.msp):

HKLM\Software\Microsoft\Real-Time Communications\{2A65AB9C-57AD-4EC6-BD4E-BD61A7C583B3}\Version = 5.0.8308.927

Skype for Business Server 2015

Reference table
The following table contains the security update information for this software.
Security update file nameFor Skype for Business Server 2015 (3080355):
WebComponents.msp
For Skype for Business Server 2015 (3080352):
EnterpriseWebApp.msp
Installation switchesSee Microsoft Knowledge Base Article 197147
Restart requirementThis update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationSee Microsoft Knowledge Base Article 3061064
File informationSee Microsoft Knowledge Base Article 3080355 .
See Microsoft Knowledge Base Article 3080352 .
Registry key verificationFor Skype for Business Server 2015 (WebComponents.msp):

HKEY_LOCAL_MACHINE\Software\Microsoft\Real-Time Communications\{2A65AB9C-57AD-4EC6-BD4E-BD61A7C583B3}\Version = 6.0.9319.72
For Skype for Business Server 2015 (EnterpriseWebApp.msp):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F055581A89591B9409A70EFBF5EB7DE7\InstallProperties = 6.0.9319.72

How to obtain help and support for this security update
Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


Keywords: atdownload, kbsurveynew, kbfix, kbbug, kbsecvulnerability, kbsecurity, kbsecbulletin, kb, kbmustloc, kblangall, kbexpertiseinter, kbsecreview

↑ Back to the top

Article Info
Article ID : 3089952
Revision : 1
Created on : 1/7/2017
Published on : 9/18/2015
Exists online : False
Views : 377