Skype for Business SSRF (CVE-2023-41763)
Description
Skype for Business Server contains a Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2023-41763 (Microsoft's advisory titles it an elevation of privilege vulnerability, and it has been exploited in the wild), that an unauthenticated attacker can trigger with a specially crafted network call. The crafted call causes the server to issue an HTTP request to an attacker-chosen address; the response, or the difference between a successful and a failed request, discloses IP addresses and port numbers of hosts the server can reach. In effect the server becomes a proxy that bypasses perimeter controls: an attacker can use it to scan and enumerate internal systems that are not directly reachable from the internet, and to interact with internal HTTP services that trust requests originating from the Skype for Business server.
Remediation
Apply the security updates provided by Microsoft to remediate this vulnerability:
1. Review the Microsoft Security Response Center advisory for CVE-2023-41763 to identify affected versions of Skype for Business Server
2. Download and install the appropriate security update from Microsoft Update Catalog or through Windows Update
3. Stop the Skype for Business services before installing the update (Stop-CsWindowsService in the Skype for Business Server Management Shell) and start them again afterwards (Start-CsWindowsService); check the update's KB article, since some cumulative updates also require the back-end databases to be updated with Install-CsDatabase -Update
4. Verify the installation by comparing the installed component versions (Get-CsServerPatchVersion in the Management Shell) against the build numbers listed in the advisory; the Control Panel shows the server topology but is not a reliable way to confirm a patch level
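The patch-and-verify sequence above, as an added PowerShell example for a Skype for Business Server front end (illustrative code written for this page, not Microsoft's installer script). It runs in the Skype for Business Server Management Shell as an administrator; the installer path, the `/silentmode` switch and the component names shown are assumptions, so take the path from wherever you extracted the cumulative update and the expected build numbers from the advisory.

```powershell
# Added example: check patch state, apply a Skype for Business Server cumulative
# update, and re-check. Not Microsoft's own script. Run in the Skype for Business
# Server Management Shell with administrative rights.

$UpdateInstaller = 'C:\Temp\SkypeServerUpdateInstaller.exe'   # assumed path to the extracted CU

function Get-SfbPatchState {
    # Get-CsServerPatchVersion lists every installed Skype for Business component
    # with its version. Compare these against the build numbers in the MSRC
    # advisory for CVE-2023-41763 to decide whether the server is patched.
    Get-CsServerPatchVersion | Select-Object ComponentName, Version
}

function Install-SfbUpdate {
    param([Parameter(Mandatory)][string]$InstallerPath)

    if (-not (Test-Path -LiteralPath $InstallerPath)) {
        throw "Update installer not found: $InstallerPath"
    }

    # Stop the Skype for Business services before patching so the installer can
    # replace files that are otherwise locked.
    Stop-CsWindowsService

    # /silentmode applies every applicable update in the package without prompting
    # (assumed switch; check the update's KB article for the documented options).
    $proc = Start-Process -FilePath $InstallerPath -ArgumentList '/silentmode' -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        Start-CsWindowsService
        throw "Update installer exited with code $($proc.ExitCode)"
    }

    # Some cumulative updates also change the back-end databases. Only run this
    # when the KB article for the update says it is required, and only once per pool:
    #   Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <backend-fqdn>

    Start-CsWindowsService
}

'Patch state before update:'
Get-SfbPatchState

Install-SfbUpdate -InstallerPath $UpdateInstaller

'Patch state after update:'
Get-SfbPatchState
```

Run `Get-SfbPatchState` on every front end, edge and other role in the topology; a pool is only patched when every server reports the fixed build.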
As additional defense-in-depth measures:
• Implement network segmentation to limit the Skype for Business server's access to sensitive internal resources
• Configure egress filtering so the server can only open outbound connections to the destinations its role requires (other Skype for Business roles, the SQL back end, domain controllers, DNS, PKI and federation endpoints); in particular, deny HTTP access from the server to internal management interfaces that have no reason to receive requests from it
• Monitor for unexpected outbound connection attempts from the server, which is how SSRF-driven scanning shows up: dropped outbound connections in the host firewall log, connections to internal hosts the server has never contacted before, and DNS lookups for names it does not normally resolve
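The egress filtering and monitoring bullets above, as an added PowerShell example that is not part of the advisory: it builds an outbound allowlist with Windows Defender Firewall, turns on connection logging, and scans the firewall log for outbound attempts from the server toward internal ranges that are not on the allowlist. The address ranges, the log path and the sample log lines are constructed for illustration; the real allowlist has to come from the topology.

```powershell
# Added example (not from the advisory or from Microsoft): outbound allowlisting and
# firewall-log review for a Skype for Business server. IPv4 only.

$AllowedInternal = @('10.0.10.0/24', '10.0.20.5')                      # assumed: SQL back end, DCs, other SfB roles
$InternalRanges  = @('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')  # RFC 1918
$FirewallLog     = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

function Set-SfbEgressPolicy {
    param([Parameter(Mandatory)][string[]]$AllowedDestinations, [switch]$Enforce)

    # Allow rules for destinations the server legitimately needs. Windows Firewall
    # gives Block rules precedence over Allow rules, so the restriction comes from
    # the profile's default outbound action below, not from an overlapping Block rule.
    New-NetFirewallRule -DisplayName 'SfB egress: required internal destinations' `
        -Group 'SfB egress' -Direction Outbound -Action Allow `
        -RemoteAddress $AllowedDestinations -Profile Domain | Out-Null

    # Log both allowed and dropped connections so the allowlist can be validated
    # against real traffic before default-deny is switched on.
    Set-NetFirewallProfile -Profile Domain -LogAllowed True -LogBlocked True `
        -LogFileName $FirewallLog -LogMaxSizeKilobytes 32767

    if ($Enforce) {
        # Default-deny outbound: anything not matched by an Allow rule is dropped.
        # Only enable this once the allowlist covers every destination in the
        # topology (other SfB roles, SQL, domain controllers, DNS, PKI, federation).
        Set-NetFirewallProfile -Profile Domain -DefaultOutboundAction Block
    }
}

function ConvertTo-IpInt {
    param([string]$Ip)
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $null }
    $b = $addr.GetAddressBytes(); [Array]::Reverse($b)
    [int64][BitConverter]::ToUInt32($b, 0)
}

function Test-IpInCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    if (-not $bits) { $bits = 32 }                 # a bare address is a /32
    $ipInt = ConvertTo-IpInt $Ip; $netInt = ConvertTo-IpInt $net
    if ($null -eq $ipInt -or $null -eq $netInt) { return $false }
    $shift = 32 - [int]$bits
    ($ipInt -shr $shift) -eq ($netInt -shr $shift)  # compare the network prefix bits
}

function Find-SuspiciousEgress {
    param([string[]]$LogLines, [string[]]$Ranges, [string[]]$Allowed)
    foreach ($line in $LogLines) {
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        # W3C fields of pfirewall.log: date time action protocol src-ip dst-ip src-port
        # dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
        $f = $line -split '\s+'
        if ($f.Count -lt 17 -or $f[16] -ne 'SEND') { continue }   # outbound only
        $dst = $f[5]
        $inInternal = $Ranges  | Where-Object { Test-IpInCidr $dst $_ }
        $inAllowed  = $Allowed | Where-Object { Test-IpInCidr $dst $_ }
        if ($inInternal -and -not $inAllowed) {
            [pscustomobject]@{ Time = "$($f[0]) $($f[1])"; Action = $f[2]; Proto = $f[3]
                               Dst = $dst; DstPort = $f[7] }
        }
    }
}

# Constructed sample log lines in pfirewall.log format (10.0.5.20 is the SfB server).
$SampleLog = @(
    '2023-10-11 09:14:03 DROP TCP 10.0.5.20 10.0.99.7 51234 8080 52 S 3121112 0 65535 - - - SEND',
    '2023-10-11 09:14:05 ALLOW TCP 10.0.5.20 10.0.10.15 51235 1433 52 S 3121113 0 65535 - - - SEND',
    '2023-10-11 09:14:06 DROP TCP 10.0.5.20 192.168.1.1 51236 80 52 S 3121114 0 65535 - - - SEND',
    '2023-10-11 09:14:07 ALLOW TCP 10.0.5.20 52.96.1.1 51237 443 52 S 3121115 0 65535 - - - SEND',
    '2023-10-11 09:14:08 DROP TCP 203.0.113.9 10.0.5.20 4444 5061 52 S 3121116 0 65535 - - - RECEIVE'
)

# Flags the 10.0.99.7:8080 and 192.168.1.1:80 attempts; the SQL back end is allowed,
# 52.96.1.1 is external, and the RECEIVE line is inbound.
Find-SuspiciousEgress -LogLines $SampleLog -Ranges $InternalRanges -Allowed $AllowedInternal | Format-Table

# Against the live log:  Find-SuspiciousEgress -LogLines (Get-Content $FirewallLog) -Ranges $InternalRanges -Allowed $AllowedInternal
# Audit first, enforce later:  Set-SfbEgressPolicy -AllowedDestinations $AllowedInternal   (add -Enforce once the log is clean)
```

Run the policy function without `-Enforce` first and review the flagged entries for a few days; every legitimate destination that turns up goes into the allowlist, and only then is default-deny switched on. A burst of outbound attempts from the server to many internal hosts or ports in quick succession is the signature of SSRF-driven scanning and should be treated as a possible exploitation attempt rather than a misconfiguration.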