Summary
This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-123.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.
-
3101496 MS15-116 and MS15-123: Description of the security update for Lync 2013 (Skype for Business): November 10, 2015
-
3096738 MS15-123: Description of the security update for Lync 2010 Attendee (admin level install): November 10, 2015
-
3096736 MS15-123: Description of the security update for Lync 2010 Attendee (user level install): November 10, 2015
-
3096735 MS15-123: Description of the security update for Lync 2010: November 10, 2015
-
3085634Â MS15-116 and MS15-123: Description of the security update for Skype for Business 2016: November 10, 2015
This security update also includes the following nonsecurity-related cumulative update:
-
3108096 Skype for Business November 2015 cumulative update for Crestron RL, Polycom CX8000, and SMART Room System (KB3108096)
Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), Microsoft Lync Basic 2013 (Skype for Business Basic), Skype for Business 2016, and Skype for Business Basic 2016Reference tableThe following table contains the security update information for this software.
|
Security update file name |
For Microsoft Lync 2010 (32-bit) (3096735):lync.msp |
|
|
For Microsoft Lync 2010 (64-bit) (3096735):lync.msp |
|
For Microsoft Lync 2010 Attendee (user level install) (3096736):AttendeeUser.msp |
|
|
|
For Microsoft Lync 2010 Attendee (admin level install) (3096738):AttendeeAdmin.msp |
|
|
For all supported 32-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):lync2013-kb3101496-fullfile-x86-glb.exe |
|
|
For all supported 64-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):lync2013-kb3101496-fullfile-x64-glb.exe |
|
|
For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:lync2016-kb3085634-fullfile-x86-glb.exe |
|
|
For all supported 64-bit editions of Skype for Business Basic 2016:lync2016-kb3085634-fullfile-x64-glb.exe |
|
Installation switches |
|
|
Restart requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012. |
|
Removal information |
Use Add or Remove Programs item in Control Panel. |
|
File information |
For all supported editions of Microsoft Lync 2010:See Microsoft Knowledge Base Article 3096735 |
|
|
For Microsoft Lync 2010 Attendee (user level install):See Microsoft Knowledge Base Article 3096736 |
|
|
For Microsoft Lync 2010 Attendee (admin level install):See Microsoft Knowledge Base Article 3096738 |
|
|
For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):See Microsoft Knowledge Base Article 3101496 |
|
|
For Skype for Business 2016 and Skype for Business Basic 2016:See Microsoft Knowledge Base Article 3085634 |
|
Registry key verification |
For Microsoft Lync 2010 (32-bit):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4484 |
|
|
For Microsoft Lync 2010 (64-bit):HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4484 |
|
|
For Microsoft Lync 2010 Attendee (admin level install):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4484 |
|
|
For Microsoft Lync 2010 Attendee (user level install):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4484 |
|
|
For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):Not applicable |
|
|
For Skype for Business 2016 and Skype for Business Basic 2016:Not applicable |
Microsoft Lync Room SystemReference tableThe following table contains the security update information for this software.
|
Security update file name |
For SMART Room System (3108096):SMARTLyncRoomUpdates.exe |
|
|
For Crestron RL (3108096):CrestronLyncRoomUpdates.exe |
|
Installation switches |
|
|
Restart requirement |
A system restart is required after you apply this security update. |
|
Removal Information |
The updates are removable only by performing a factory reset. |
|
File information |
For SMART Room System:See Microsoft Knowledge Base Article 3108096 |
|
|
For Crestron RL:See Microsoft Knowledge Base Article 3108096 |
|
Registry key verification |
For SMART Room System:Not applicable |
|
|
For Crestron RL:Not applicable |
|
File name |
SHA1 hash |
SHA256 hash |
|---|---|---|
|
AttendeeAdmin.msp |
A22099CBD39776DA7EE5684D2F8C1660FB71E2C8 |
2852B9E5685E4BF22DFC875CE5AF80D5BE4CA1CD0BC3BD34B5A66A19B92043BF |
|
AttendeeUser.msp |
5B1D73552142D8E10833ED251C85324499E54CA3 |
55E3687D1028AF83DF008D8671C762BCBEA4418B3AC0722CDA1FCAF0A7018897 |
|
CrestronLyncRoomUpdates.exe |
BC5D328BD296212DE2063356204C7CC82F820A5A |
AE2F0F4FD263B03B8F79DBA587F0FB30F9D1C4D366D1FA071E99C2AA613550BA |
|
Lync.msp (For x64-based versions) |
33B66E65C61662E3E51F3504C06ED49AF7B76CE6 |
8C4850E9C71325DD71BE0CDB040B09BB8C10917030CE96DC8DE8BE02F30FC5E4 |
|
Lync.msp (For x86-based versions) |
F06A8F8AC4FD53B4424305A164F9A0C716409DAC |
63559FF9BF347E32A84B554F668558AD8DD0C68853308EE7D52B61C16FD03DB4 |
|
SMARTLyncRoomUpdates.exe |
A6771BDA5FF97181AF29B64F7D14E94E7E4D7573 |
B2B3294B113933AB52C3681829DB97276B6DD0D7AA7F20BA184EBAC88EF56E97 |
|
lync2013-kb3101496-fullfile-x64-glb.exe |
3B4187E79E318E93BA3189C11E86D4570623E920 |
08677AD12DB42DE94893FB849B18EE450A95F521F110719C74DD96322EB41173 |
|
lync2013-kb3101496-fullfile-x86-glb.exe |
321B98C24C9AF6816AA81E3515588988D82DE568 |
7A8EC9A03AF6A503C26641CFEF6AF8BB9D3856D457CA8CC86A4FB55A3591BD01 |
|
lync2016-kb3085634-fullfile-x64-glb.exe |
6741FDEB39D6B2C65F1F7B950A07C5C701398109 |
27A9C34B9F0EF74599DB460182954AC67A12D36906D0F4C0BD686542EFB9992F |
|
lync2016-kb3085634-fullfile-x86-glb.exe |
01CFA248C92C3C4E8B0D6CE30CBC6B723EEE0D5E |
611D1E65FEAB3DC9C8CC68B9CCA4E0D93E5BBA1CEC5D705592C343F06EE1F9FB |
Help for installing updates: Support for Microsoft UpdateSecurity solutions for IT professionals: TechNet Security Troubleshooting and SupportHelp for protecting your Windows-based computer from viruses and malware: Virus Solution and Security CenterLocal support according to your country: International Support
