Microsoft vient de publier mise à jour de sécurité pour Lync 2013/skype for business.
Date: 8 décembre 2016
This security update resolves vulnerabilities in Microsoft Lync 2013 and Skype for Business. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-128.
For a complete list of affected software, see Microsoft Knowledge Base article 3104503.
This security update contains the following improvements:
- Adds Cloud-based Discovery
- Uses SSO to autodetect SIP address and start sign in
This security update also contains fixes for the following nonsecurity issues:
- When you are in a public switched telephone network (PSTN) call, and you open a Conversation Window Extension (CWE), the call option controls are covered by the CWE without any way to access the controls without closing the CWE.
- Lync client doesn't show all the fonts if the computer has more than 1,000 fonts.
- 3114328 "You need to install the April 14, 2015 update" error message is displayed when you start Lync 2013
- 3112863 Lync 2013 (Skype for Business) sends corporate error reporting (CER) data after every PC-to-PC and conference call
- 3112864 Media setup may fail and all media diagnostics information is missing in Lync 2013 (Skype for Business)
- 3114326 A hyperlink that is copied from Internet Explorer can't be pasted into Lync 2013 (Skype for Business)
- 3114325 Response Group Service group member notification is displayed frequently in Lync 2013 (Skype for Business)
- 3112796 Adds a new GPO to control which proxy setting is used when both PAC and manual proxy are used in Skype for Business
- 3101548 Attendees can't see the shared desktop when they join an online meeting as anonymous users in Lync 2013