MS15-123: Security update for Skype for Business and Lync to address information disclosure: November 10, 2015

<html><body><p>Resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content.</p><h2>Summary</h2><div>This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content. To learn more about the vulnerability, see <a href=“https://technet.microsoft.com/library/security/ms15-123” target=“_self”>Microsoft Security Bulletin MS15-123</a>.</div><h2>More information about this security update</h2><div>The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.<ul><li><a href=“https://support.microsoft.com/en-us/help/3101496”>3101496 </a> MS15-116 and MS15-123: Description of the security update for Lync 2013 (Skype for Business): November 10, 2015</li><li><a href=“https://support.microsoft.com/en-us/help/3096738”>3096738 </a> MS15-123: Description of the security update for Lync 2010 Attendee (admin level install): November 10, 2015</li><li><a href=“https://support.microsoft.com/en-us/help/3096736”>3096736 </a> MS15-123: Description of the security update for Lync 2010 Attendee (user level install): November 10, 2015</li><li><a href=“https://support.microsoft.com/en-us/help/3096735”>3096735 </a> MS15-123: Description of the security update for Lync 2010: November 10, 2015</li><li><a href=“https://support.microsoft.com/en-us/help/3085634”>3085634 </a> MS15-116 and MS15-123: Description of the security update for Skype for Business 2016: November 10, 2015</li></ul><br /><div><div><div><span><span></span></span><span><span>Nonsecurity-related fixes that are included in this security update</span></span></div><div><span><div>This security update also includes the following nonsecurity-related cumulative update: <ul><li><a href=“https://support.microsoft.com/en-us/help/3108096”>3108096 </a> Skype for Business November 2015 cumulative update for Crestron RL, Polycom CX8000, and SMART Room System (KB3108096)</li></ul></div><br /></span></div></div></div></div><h2></h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), Microsoft Lync Basic 2013 (Skype for Business Basic), Skype for Business 2016, and Skype for Business Basic 2016</h4><span>Reference table</span><br /><br />The following table contains the security update information for this software.<div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Lync 2010 (32-bit) (3096735):<br /><span>lync.msp</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 (64-bit) (3096735):<br /><span>lync.msp</span></td></tr><tr><td></td><td>For Microsoft Lync 2010 Attendee (user level install) (3096736):<br /><span>AttendeeUser.msp</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 Attendee (admin level install) (3096738):<br /><span>AttendeeAdmin.msp</span></td></tr><tr><td><br /></td><td>For all supported 32-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):<br /><span>lync2013-kb3101496-fullfile-x86-glb.exe</span></td></tr><tr><td><br /></td><td>For all supported 64-bit editions of Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):<br /><span>lync2013-kb3101496-fullfile-x64-glb.exe</span></td></tr><tr><td><br /></td><td>For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:<br /><span>lync2016-kb3085634-fullfile-x86-glb.exe</span></td></tr><tr><td><br /></td><td>For all supported 64-bit editions of Skype for Business Basic 2016:<br /><span>lync2016-kb3085634-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For all supported editions of Microsoft Lync 2010:<br />See <a href=“https://support.microsoft.com/help/3096735” target=“_self”>Microsoft Knowledge Base Article 3096735</a></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 Attendee (user level install):<br />See <a href=“https://support.microsoft.com/help/3096736” target=“_self”>Microsoft Knowledge Base Article 3096736</a></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 Attendee (admin level install):<br />See <a href=“https://support.microsoft.com/help/3096738” target=“_self”>Microsoft Knowledge Base Article 3096738</a></td></tr><tr><td><br /></td><td>For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):<br />See <a href=“https://support.microsoft.com/help/3101496” target=“_self”>Microsoft Knowledge Base Article 3101496</a></td></tr><tr><td><br /></td><td>For Skype for Business 2016 and Skype for Business Basic 2016:<br />See <a href=“https://support.microsoft.com/help/3085634” target=“_self”>Microsoft Knowledge Base Article 3085634</a></td></tr><tr><td><span>Registry key verification</span></td><td>For Microsoft Lync 2010 (32-bit):<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br />Version = <span>7577.4484</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 (64-bit):<br />HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br />Version = <span>7577.4484</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 Attendee (admin level install):<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = <span>4.0.7577.4484</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2010 Attendee (user level install):<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br />Version = <span>7577.4484</span></td></tr><tr><td><br /></td><td>For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):<br />Not applicable</td></tr><tr><td><br /></td><td>For Skype for Business 2016 and Skype for Business Basic 2016:<br />Not applicable</td></tr></table></div><h4>Microsoft Lync Room System</h4><span>Reference table</span><br /><br />The following table contains the security update information for this software.<div><table><tr><td><span>Security update file name</span></td><td>For SMART Room System (3108096):<br /><span>SMARTLyncRoomUpdates.exe</span></td></tr><tr><td><br /></td><td>For Crestron RL (3108096):<br /><span>CrestronLyncRoomUpdates.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>A system restart is required after you apply this security update.</td></tr><tr><td><span>Removal Information</span></td><td>The updates are removable only by performing a factory reset.</td></tr><tr><td><span>File information</span></td><td>For SMART Room System:<br />See <a href=“https://support.microsoft.com/help/3108096” target=“_self”>Microsoft Knowledge Base Article 3108096</a></td></tr><tr><td><br /></td><td>For Crestron RL:<br />See <a href=“https://support.microsoft.com/help/3108096” target=“_self”>Microsoft Knowledge Base Article 3108096</a></td></tr><tr><td><span>Registry key verification</span></td><td>For SMART Room System:<br />Not applicable</td></tr><tr><td><br /></td><td>For Crestron RL:<br />Not applicable</td></tr></table></div> </div><br /></span></div></div></div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>AttendeeAdmin.msp</td><td>A22099CBD39776DA7EE5684D2F8C1660FB71E2C8</td><td>2852B9E5685E4BF22DFC875CE5AF80D5BE4CA1CD0BC3BD34B5A66A19B92043BF</td></tr><tr><td>AttendeeUser.msp</td><td>5B1D73552142D8E10833ED251C85324499E54CA3</td><td>55E3687D1028AF83DF008D8671C762BCBEA4418B3AC0722CDA1FCAF0A7018897</td></tr><tr><td>CrestronLyncRoomUpdates.exe</td><td>BC5D328BD296212DE2063356204C7CC82F820A5A</td><td>AE2F0F4FD263B03B8F79DBA587F0FB30F9D1C4D366D1FA071E99C2AA613550BA</td></tr><tr><td>Lync.msp (For x64-based versions)</td><td>33B66E65C61662E3E51F3504C06ED49AF7B76CE6</td><td>8C4850E9C71325DD71BE0CDB040B09BB8C10917030CE96DC8DE8BE02F30FC5E4</td></tr><tr><td>Lync.msp (For x86-based versions)</td><td>F06A8F8AC4FD53B4424305A164F9A0C716409DAC</td><td>63559FF9BF347E32A84B554F668558AD8DD0C68853308EE7D52B61C16FD03DB4</td></tr><tr><td>SMARTLyncRoomUpdates.exe</td><td>A6771BDA5FF97181AF29B64F7D14E94E7E4D7573</td><td>B2B3294B113933AB52C3681829DB97276B6DD0D7AA7F20BA184EBAC88EF56E97</td></tr><tr><td>lync2013-kb3101496-fullfile-x64-glb.exe</td><td>3B4187E79E318E93BA3189C11E86D4570623E920</td><td>08677AD12DB42DE94893FB849B18EE450A95F521F110719C74DD96322EB41173</td></tr><tr><td>lync2013-kb3101496-fullfile-x86-glb.exe</td><td>321B98C24C9AF6816AA81E3515588988D82DE568</td><td>7A8EC9A03AF6A503C26641CFEF6AF8BB9D3856D457CA8CC86A4FB55A3591BD01</td></tr><tr><td>lync2016-kb3085634-fullfile-x64-glb.exe</td><td>6741FDEB39D6B2C65F1F7B950A07C5C701398109</td><td>27A9C34B9F0EF74599DB460182954AC67A12D36906D0F4C0BD686542EFB9992F</td></tr><tr><td>lync2016-kb3085634-fullfile-x86-glb.exe</td><td>01CFA248C92C3C4E8B0D6CE30CBC6B723EEE0D5E</td><td>611D1E65FEAB3DC9C8CC68B9CCA4E0D93E5BBA1CEC5D705592C343F06EE1F9FB</td></tr></table></div></div><br /></span></div></div></div><div><div><div><span><span></span></span><span><span>How to obtain help and support for this security update</span></span></div><div><span><div>Help for installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help for protecting your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><br /></span></div></div></div></div></body></html>