MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016


This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-039.

For a complete list of affected software, see Microsoft Knowledge Base article 3148522.

More Information

Security-related fixes and improvements that are included in this security update

This security update contains fixes for the following security issue:
  • 3153357 Buffer may overrun when you use Lync 2013 or Skype for Business
Nonsecurity-related fixes and improvements that are included in this security update

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. To install the update, follow the installation instructions on the download page.


More Information

Update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3148522.


To install this security update, you must first have the following updates installed.

Update replacement information

This security update replaces previously released security update KB3114351.

File hash information
File information
How to get help and support for this security update

Article ID: 3114944 - Last Review: Jan 22, 2017 - Revision: 2

Microsoft Lync 2013, Skype for Business