Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-123: Security update for Skype for Business and Lync to address information disclosure: November 10, 2015


View products that this article applies to.

Summary

This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-123.

↑ Back to the top


More information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3101496 MS15-116 and MS15-123: Description of the security update for Lync 2013 (Skype for Business): November 10, 2015
  • 3096738 MS15-123: Description of the security update for Lync 2010 Attendee (admin level install): November 10, 2015
  • 3096736 MS15-123: Description of the security update for Lync 2010 Attendee (user level install): November 10, 2015
  • 3096735 MS15-123: Description of the security update for Lync 2010: November 10, 2015
  • 3085634  MS15-116 and MS15-123: Description of the security update for Skype for Business 2016: November 10, 2015

Nonsecurity-related fixes that are included in this security update
This security update also includes the following nonsecurity-related cumulative update: 
  • 3108096 Skype for Business November 2015 cumulative update for Crestron RL, Polycom CX8000, and SMART Room System (KB3108096)

↑ Back to the top


Security update deployment information

Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), Microsoft Lync Basic 2013 (Skype for Business Basic), Skype for Business 2016, and Skype for Business Basic 2016

Reference table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Lync 2010 (32-bit) (3096735):
lync.msp

For Microsoft Lync 2010 (64-bit) (3096735):
lync.msp
For Microsoft Lync 2010 Attendee (user level install) (3096736):
AttendeeUser.msp

For Microsoft Lync 2010 Attendee (admin level install) (3096738):
AttendeeAdmin.msp

For all supported 32-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):
lync2013-kb3101496-fullfile-x86-glb.exe

For all supported 64-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):
lync2013-kb3101496-fullfile-x64-glb.exe

For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:
lync2016-kb3085634-fullfile-x86-glb.exe

For all supported 64-bit editions of Skype for Business Basic 2016:
lync2016-kb3085634-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationFor all supported editions of Microsoft Lync 2010:
See Microsoft Knowledge Base Article 3096735

For Microsoft Lync 2010 Attendee (user level install):
See Microsoft Knowledge Base Article 3096736

For Microsoft Lync 2010 Attendee (admin level install):
See Microsoft Knowledge Base Article 3096738

For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):
See Microsoft Knowledge Base Article 3101496

For Skype for Business 2016 and Skype for Business Basic 2016:
See Microsoft Knowledge Base Article 3085634
Registry key verificationFor Microsoft Lync 2010 (32-bit):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4484

For Microsoft Lync 2010 (64-bit):
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4484

For Microsoft Lync 2010 Attendee (admin level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4484

For Microsoft Lync 2010 Attendee (user level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4484

For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):
Not applicable

For Skype for Business 2016 and Skype for Business Basic 2016:
Not applicable

Microsoft Lync Room System

Reference table

The following table contains the security update information for this software.
Security update file nameFor SMART Room System (3108096):
SMARTLyncRoomUpdates.exe

For Crestron RL (3108096):
CrestronLyncRoomUpdates.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementA system restart is required after you apply this security update.
Removal InformationThe updates are removable only by performing a factory reset.
File informationFor SMART Room System:
See Microsoft Knowledge Base Article 3108096

For Crestron RL:
See Microsoft Knowledge Base Article 3108096
Registry key verificationFor SMART Room System:
Not applicable

For Crestron RL:
Not applicable
 

File hash information
File nameSHA1 hashSHA256 hash
AttendeeAdmin.mspA22099CBD39776DA7EE5684D2F8C1660FB71E2C82852B9E5685E4BF22DFC875CE5AF80D5BE4CA1CD0BC3BD34B5A66A19B92043BF
AttendeeUser.msp5B1D73552142D8E10833ED251C85324499E54CA355E3687D1028AF83DF008D8671C762BCBEA4418B3AC0722CDA1FCAF0A7018897
CrestronLyncRoomUpdates.exeBC5D328BD296212DE2063356204C7CC82F820A5AAE2F0F4FD263B03B8F79DBA587F0FB30F9D1C4D366D1FA071E99C2AA613550BA
Lync.msp (For x64-based versions)33B66E65C61662E3E51F3504C06ED49AF7B76CE68C4850E9C71325DD71BE0CDB040B09BB8C10917030CE96DC8DE8BE02F30FC5E4
Lync.msp (For x86-based versions)F06A8F8AC4FD53B4424305A164F9A0C716409DAC63559FF9BF347E32A84B554F668558AD8DD0C68853308EE7D52B61C16FD03DB4
SMARTLyncRoomUpdates.exeA6771BDA5FF97181AF29B64F7D14E94E7E4D7573B2B3294B113933AB52C3681829DB97276B6DD0D7AA7F20BA184EBAC88EF56E97
lync2013-kb3101496-fullfile-x64-glb.exe3B4187E79E318E93BA3189C11E86D4570623E92008677AD12DB42DE94893FB849B18EE450A95F521F110719C74DD96322EB41173
lync2013-kb3101496-fullfile-x86-glb.exe321B98C24C9AF6816AA81E3515588988D82DE5687A8EC9A03AF6A503C26641CFEF6AF8BB9D3856D457CA8CC86A4FB55A3591BD01
lync2016-kb3085634-fullfile-x64-glb.exe6741FDEB39D6B2C65F1F7B950A07C5C70139810927A9C34B9F0EF74599DB460182954AC67A12D36906D0F4C0BD686542EFB9992F
lync2016-kb3085634-fullfile-x86-glb.exe01CFA248C92C3C4E8B0D6CE30CBC6B723EEE0D5E611D1E65FEAB3DC9C8CC68B9CCA4E0D93E5BBA1CEC5D705592C343F06EE1F9FB

How to obtain help and support for this security update
Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


Keywords: atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbsecreview, kbsecbulletin, kb, kbsecurity, kbsecvulnerability, kbmustloc

↑ Back to the top

Article Info
Article ID : 3105872
Revision : 1
Created on : 1/7/2017
Published on : 11/10/2015
Exists online : False
Views : 471