MS15-104: Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege: September 8, 2015

<html><body><p>This security update resolves vulnerabilities in Skype for Business and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL.</p><h2>Summary</h2><div><span></span>This security update resolves vulnerabilities in Skype for Business and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL. To learn more about the vulnerability, see <a href=“https://technet.microsoft.com/library/security/ms15-104” target=“_self”>Microsoft Security Bulletin MS15-104</a>.<br /><br /></div><h2>More information about this security update</h2><div>The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.<br /><ul><li><a href=“https://support.microsoft.com/en-us/help/3080353”>KB3080353 MS15-104: Description of the security update for Microsoft Lync Server 2013 (Web Components Server): September 8, 2015 </a></li><li><a href=“https://support.microsoft.com/en-us/help/3061064”>KB3061064 Updates for Skype for Business Server 2015 </a></li></ul></div><h2>More Information</h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>Microsoft Lync Server 2013</h4><div><h5>Reference table</h5>The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Lync Server 2013 (3080353):<br /><span>WebComponents.msp</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/en-us/help/197147”>Microsoft Knowledge Base Article 197147 </a></td></tr><tr><td><span>Restart requirement</span></td><td>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3080353”>3080353 </a>. </td></tr><tr><td><span>Registry key verification</span></td><td>For Microsoft Lync Server 2013 (WebComponents.msp):<br /><br />HKLM\Software\Microsoft\Real-Time Communications{2A65AB9C-57AD-4EC6-BD4E-BD61A7C583B3}\Version = 5.0.8308.927</td></tr></table></div><h4>Skype for Business Server 2015</h4><div><h5>Reference table</h5>The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Skype for Business Server 2015 (3080355):<br /><span>WebComponents.msp</span></td></tr><tr><td></td><td>For Skype for Business Server 2015 (3080352):<br /><span>EnterpriseWebApp.msp</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/en-us/help/197147”>Microsoft Knowledge Base Article 197147 </a></td></tr><tr><td><span>Restart requirement</span></td><td>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.</td></tr><tr><td><span>Removal information</span></td><td>See <a href=“https://support.microsoft.com/en-us/help/3061064”>Microsoft Knowledge Base Article 3061064 </a></td></tr><tr><td>File information</td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3080355”>3080355 </a>.<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3080352”>3080352 </a>.</td></tr><tr><td>Registry key verification</td><td>For Skype for Business Server 2015 (WebComponents.msp):<br /><br />HKEY_LOCAL_MACHINE\Software\Microsoft\Real-Time Communications{2A65AB9C-57AD-4EC6-BD4E-BD61A7C583B3}\Version = 6.0.9319.72</td></tr><tr><td></td><td>For Skype for Business Server 2015 (EnterpriseWebApp.msp):<br /><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F055581A89591B9409A70EFBF5EB7DE7\InstallProperties = 6.0.9319.72</td></tr></table></div></div><br /></div></div></span></div></div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>Package Name</th><th>Package Hash SHA 1</th><th>Package Hash SHA 2</th></tr><tr><td>EnterpriseWebApp_2015_en_us_x64.msp</td><td>4E2196C6EAD919109E179361058C4EB79752FE98</td><td>1747EBE41F7E90CE60E3929AFC020E6F0117455DF9F945B9D55293F2919C5117</td></tr><tr><td>WebComponents_2015_en-us_x64.msp</td><td>5AE12FEA75F5031C3F85065D542379952DF83AC0</td><td>0BF98F955B10DDEF028C4ECF0DDB05CDFEB0F7A13AC6214D545684696EFA46DB</td></tr><tr><td>WebComponents_Lync2013_en-us_x64.msp</td><td>1067898A33AC2DCCB4843570B37159C99A0D40C5</td><td>F48003AA5C04F2418F6390D67B3E4111E93D78D2DF28342A41F9171A799EA05A</td></tr><tr><td>EnterpriseWebApp.msp</td><td>C9586471881CCBC3F9318654185B99F38E502C5B</td><td>3DEAB025280379CD49069A7F818DB9CFAB472BB693E15FA11256F0E00AE7F4A5</td></tr><tr><td>WebComponents.msp</td><td>27EFC31A1C885E1884A77FA6788715ADBB913F09</td><td>C8C7024A81FC4F039A51BEAC6660217B6D3A8E6D94D4636370C1730A62AB9EFD</td></tr></table></div></div><br /></span></div></div></div><div><div><div><span><span></span></span><span><span>How to obtain help and support for this security update</span></span></div><div><span><div>Help for installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help for protecting your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><br /></span></div></div></div></div></body></html>