This security update resolves a vulnerability in Microsoft Lync that could allow information disclosure if a user opens a specially crafted Lync meeting request.
This security update for Microsoft Lync 2013 includes the new Skype for Business client.
- Get the 32-bit version of Lync 2013 (Skype for Business)
- Get the 64-bit version of Lync 2013 (Skype for Business)
- KB 3051158 “Help isn’t working” error occurs when you open the “Skype for Business Help” window in Skype for Business
- KB 3051516 “Copy” and “Select All” menu items are disabled for the first instant message in a conversation in Skype for Business
- KB 3053114 Cannot open links without the “http://” prefix and the links that are to a OneNote page in Skype for Business
- KB 3051160 Cannot join meetings by using Lync 2010 after you install OneDrive for Business
- KB 3053998 Memory leak occurs when you transfer a file that is larger than 5 megabytes (MB) in a conversation in Skype for Business
- KB 3063382 Non-English localized strings are not updated in Outlook after you apply security update 3039779 for Skype for Business
- KB 3063390 Arabic text is not right-to-left aligned in meeting invitation body when you create a Skype for Business online meeting
Improvements and fixes
- May 12, 2015, security update for Skype for Business (Lync 2013) changes text strings in Outlook add-in
- KB 3057563 Outgoing calls are disconnected in Skype for Business or Lync 2013 when you press the Spacebar or the Enter key
- KB 3057559 Skype for Business or Lync 2013 client certificates do not begin to renew within the correct time before they expire
- KB 3057558 User interface is misaligned in tabbed conversation that is created after an RCC user ends a call in Skype for Business
- KB 3057556 “An error occurred during this screen presentation” error occurs in application sharing conference in Skype for Business
- KB 3057551 Cannot paste an image into an instant message in Skype for Business when you copy the image from Internet Explorer
- KB 3057550 Update enables users to copy instant messages without author name and time stamp in Skype for Business (Lync 2013)
- KB 3057549 The “Allow with URL” feature does not work in a client policy for Skype for Business in a Lync Server 2013 environment
- KB 3057548 Buttons are not displayed on sharing toolbar when you use full screen in a sharing session in Skype for Business
- KB 3057546 Lync 2013 does not show AD DS user’s display name in the toast notification of the first incoming PSTN call
- KB 3057545 HYPERLINK “<URL>” is displayed as a prefix of a pasted text in Notepad when you copy the text from Skype for Business
- KB 3057518 Presence status of a contact isn’t updated in your Skype for Business after the contact disconnects from network
- KB 3057517 Contact card appears when you click a URL that contains the “@” character in a received message in Skype for Business
- KB 3057516 Skype contacts can see your presence status after you remove them from contact list in Skype for Business
- KB 3054008 CPU usage increases largely when you have multiple animated emoticons in conversations in Skype for Business
- KB 3051517 Receiver cannot open or save transferred files in a chat room in Skype for Business
Q&A From Microsoft:
Q1. Is the Lync UI identical to the Lync 2013 UI? Are there changes or artifacts that administrators must be aware of?
A1. People who use the Lync UI in the new client will have an experience which is very close, but not identical to the old experience. Specifically, while the traditional Lync windows and controls are unchanged, the task tray icon, the menu item in Windows, and several buttons in Outlook reflect the new Skype brand. We unfortunately do not have the ability to change the behavior of these artifacts in Windows and Outlook. There is one additional artifact which is under administrator control, which is whether the Skype for Business first run experience is displayed. This may be suppressed as described below.
Q2. Is it possible to apply the May update and suppress all Skype for Business artifacts?
A2. No. The task try icon, the menu item in Windows, and several buttons in Outlook will reflect the new Skype brand even if the Lync UI is selected. We do not have the ability to change the behavior of these artifacts in Windows and Outlook. This is because, as with any other Microsoft or 3rd party program that integrates with Windows or Office, we must conform to published standards and interfaces covering application interaction. These standards and interfaces do not provide the ability to switch behavior of the noted artifacts.
Q3. Are there any other issues to keep in mind?
A3. Yes. It is important to keep in mind the user>site>global precedence of policy settings when designing and implementing readiness steps. In some cases, setting only a “global” policy will not be sufficient. In addition, if users in an organization use Lync Basic on their personal, unmanaged computers at home, it may be necessary to communicate the changes to those users since policy settings may not apply to those personal, unmanaged computers.
Q4. Why did we add the new UI to the existing Lync 2013 client rather than waiting for the next version of Office?
A4. We added the new UI to the existing Lync 2013 client in order to make it available to customers sooner, and to ensure that current Lync 2013 customers would have the option to use the new UI now rather than later. This allows them to take advantage of the familiar UI to accelerate adoption within their organizations. As noted above, the new Skype for Business client includes both the new UI and the existing UI – this gives customers the choice of delaying adoption if better for their users and processes.
This one somehow got hidden / undocumented:
Skype for Business that is connected to a wireless network crashes during an audio/video or application sharing session
That’s all good if not for the fact that I get the same update which is over 100MB in size as well as another one, yet this update is for Skype for Business not for a private user. So why on earth do I need to use over 200MB of my data just to have something I will never need as a private user???