MS15-104: Description of the security update for Microsoft Lync Server 2013 (Web Components Server): September 8, 2015


This security update resolves vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-104.

More Information

Known issues in this security update

3098577 Sign-in and query errors after you install MS15-104 Security update for Microsoft Lync Server 2013 (Web Components Server)

How to obtain and install the update

Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. To install the update, follow the installation instructions on the download page.

How to install the update

To install the cumulative update for Lync Server 2013 (Web Components Server), use one of the following methods.

Method 1: Cumulative Server Update Installer

The Cumulative Server Update Installer applies all updates for the appropriate server role in one operation. To use the Cumulative Server Update Installer, follow these steps.

Note If User Account Control (UAC) is turned on, you must start the Cumulative Server Update Installer by using elevated permissions to make sure that all updates are installed correctly.
  1. Download the Cumulative Server Update Installer. To do this, go to the following Microsoft Download Center website:
    Download Download the update package now.
  2. Run the Cumulative Server Update Installer by using the UI or by using a command line.

    Note The UI provides a clear indication of which updates are installed when you click Install Updates.

    To run the Installer, run the following command:


    Notes The following text describes parameters that you can use together with the LyncServerUpdateInstaller.exe command:
    • The /silentmode switch applies all applicable updates in the background.
    • The /silentmode /forcereboot switch applies all applicable updates in the background and then automatically restarts the server at the end of the installation process if this is necessary.
    • The /extractall switch extracts the updates from the installer and saves the updates in a subfolder that is named "Extracted" in the folder in which you ran the command.
    After you run the Lync Server Update Installer, you must update all the applicable back-end servers. For more information about how to do this, see Updates for Lync Server 2013.

Method 2: Microsoft Update

The update is also available from the Microsoft Update website.

Note After you install this update by using Microsoft Update, you must update the databases on the back-end servers. For more information about how to do this, see Updates for Lync Server 2013.


To install this security update, you have to install the latest update Lync Server 2013Lync Server 2013.

Update deployment information

For deployment information about this update, see Microsoft Knowledge Base Article 3089952.

Update removal information

Note We don't recommend that you remove any security update.

To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update doesn't require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces previously released update 2982390.
File information
How to obtain help and support for this security update

Makale No: 3080353 - Son İnceleme: 25 Eyl 2015 - Düzeltme: 1

Geri bildirim