MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016

Applies to: Microsoft Lync 2013Skype for Business


This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-039.

For a complete list of affected software, see Microsoft Knowledge Base article 3148522.

More Information

Security-related fixes and improvements that are included in this security update

This security update contains fixes for the following security issue:
  • 3153357 Buffer may overrun when you use Lync 2013 or Skype for Business

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. To install the update, follow the installation instructions on the download page.


More Information

Update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3148522.


To install this security update, you must first have the following updates installed.

Update replacement information

This security update replaces previously released security update KB3114351.