MS15-128: Description of the security update for Skype for Business 2016: December 8, 2015

Applies to: Skype for Business 2016


This security update resolves vulnerabilities in Skype for Business 2016 that could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-128.

For a complete list of affected software, see Microsoft Knowledge Base article 3104503.

Improvements and fixes

This security update contains the following improvement:
  • Renames the "Add-Ins" string to the "Add-ins" string for consistency.

This security update also contains fixes for the following nonsecurity issues:

After you apply one of the following security updates, a new category of client telemetry (Census) data collection is enabled for Microsoft Lync 2013 (Microsoft Skype for Business) and Microsoft Skype for Business 2016: For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3139949 Census data is now collected for all Lync 2013 (Skype for Business) and Skype for Business 2016 clients

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3104503.

Security update replacement information

This security update replaces previously released update 3085634.