MS15-123: Security update for Skype for Business and Lync to address information disclosure: November 10, 2015

Applies to: Skype for Business 2016Skype for BusinessSkype Room Systems More

Summary


This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-123.

More information about this security update


The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3101496 MS15-116 and MS15-123: Description of the security update for Lync 2013 (Skype for Business): November 10, 2015
  • 3096738 MS15-123: Description of the security update for Lync 2010 Attendee (admin level install): November 10, 2015
  • 3096736 MS15-123: Description of the security update for Lync 2010 Attendee (user level install): November 10, 2015
  • 3096735 MS15-123: Description of the security update for Lync 2010: November 10, 2015
  • 3085634  MS15-116 and MS15-123: Description of the security update for Skype for Business 2016: November 10, 2015