Microsoft Dynamics 365 Sales 权限提升漏洞

攻击者可以利用此SSRF漏洞向Dynamics 365 Sales服务器发起请求，伪造目标服务器的身份。这使得攻击者能够访问内部资源，绕过安全措施，并可能导致敏感数据泄露。例如，攻击者可以利用此漏洞扫描内部网络，发现未受保护的服务，或者访问存储在云存储服务中的敏感数据。由于Dynamics 365 Sales通常用于管理客户关系和销售流程，因此该漏洞可能导致客户数据泄露，损害企业声誉。此漏洞的潜在影响类似于其他SSRF漏洞，例如可以访问内部API或数据库。

Organizations heavily reliant on Microsoft Dynamics 365 Sales for their sales operations are at significant risk. Specifically, deployments with overly permissive network configurations or users with excessive privileges are particularly vulnerable. Shared hosting environments where Dynamics 365 Sales instances share network resources also face increased risk.

• windows / dotnet: Monitor Dynamics 365 Sales logs for outbound requests to internal IP addresses or unusual domains. Use PowerShell to check for suspicious scheduled tasks or processes related to Dynamics 365 Sales.

Get-Process -Name "Dynamics365Sales*" | Select-Object -ExpandProperty CommandLine

• generic web: Monitor web server access logs for requests originating from Dynamics 365 Sales to internal resources. Examine response headers for signs of SSRF exploitation. • database (mysql, redis, mongodb, postgresql): If Dynamics 365 Sales connects to a database, monitor database logs for unusual queries or access patterns originating from the Dynamics 365 Sales application.

1. 2025-02-06Disclosure

   disclosure

1. 已保留2024-12-05
2. 发布日期2025-02-06
3. 修改日期2026-02-13
4. EPSS 更新日期2026-04-02

微软已发布安全补丁以修复此漏洞。建议用户尽快更新Dynamics 365 Sales至修复版本。如果无法立即更新，可以考虑实施以下缓解措施：限制Dynamics 365 Sales的外部网络访问，使用网络防火墙阻止对敏感资源的访问，并实施严格的身份验证和授权控制。此外，可以考虑使用Web应用防火墙(WAF)来检测和阻止SSRF攻击。监控Dynamics 365 Sales的日志，查找可疑的请求模式，并定期进行安全审计。