Microsoft releases MS15-044: Description of the security update for Lync 2013 (Skype for Business): May 12, 2015

This security update resolves a vulnerability in Microsoft Lync that could allow information disclosure if a user opens a specially crafted Lync meeting request.
This security update for Microsoft Lync 2013 includes the new Skype for Business client.


Download information

Known issues

Improvements and fixes

Q&A From Microsoft:

Q1. Is the Lync UI identical to the Lync 2013 UI? Are there changes or artifacts that administrators must be aware of?

A1. People who use the Lync UI in the new client will have an experience which is very close, but not identical to the old experience. Specifically, while the traditional Lync windows and controls are unchanged, the task tray icon, the menu item in Windows, and several buttons in Outlook reflect the new Skype brand. We unfortunately do not have the ability to change the behavior of these artifacts in Windows and Outlook. There is one additional artifact which is under administrator control, which is whether the Skype for Business first run experience is displayed. This may be suppressed as described below.

Q2. Is it possible to apply the May update and suppress all Skype for Business artifacts?

A2. No. The task try icon, the menu item in Windows, and several buttons in Outlook will reflect the new Skype brand even if the Lync UI is selected. We do not have the ability to change the behavior of these artifacts in Windows and Outlook. This is because, as with any other Microsoft or 3rd party program that integrates with Windows or Office, we must conform to published standards and interfaces covering application interaction. These standards and interfaces do not provide the ability to switch behavior of the noted artifacts.

Q3. Are there any other issues to keep in mind?

A3. Yes. It is important to keep in mind the user>site>global precedence of policy settings when designing and implementing readiness steps. In some cases, setting only a “global” policy will not be sufficient. In addition, if users in an organization use Lync Basic on their personal, unmanaged computers at home, it may be necessary to communicate the changes to those users since policy settings may not apply to those personal, unmanaged computers.

Q4. Why did we add the new UI to the existing Lync 2013 client rather than waiting for the next version of Office?

A4. We added the new UI to the existing Lync 2013 client in order to make it available to customers sooner, and to ensure that current Lync 2013 customers would have the option to use the new UI now rather than later. This allows them to take advantage of the familiar UI to accelerate adoption within their organizations. As noted above, the new Skype for Business client includes both the new UI and the existing UI – this gives customers the choice of delaying adoption if better for their users and processes.


  1. soder

    This one somehow got hidden / undocumented:
    Skype for Business that is connected to a wireless network crashes during an audio/video or application sharing session

  2. Sam

    That’s all good if not for the fact that I get the same update which is over 100MB in size as well as another one, yet this update is for Skype for Business not for a private user. So why on earth do I need to use over 200MB of my data just to have something I will never need as a private user???


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.