CVE-2020-1462

Name of the Vulnerable Software and Affected Versions Skype for Business (affected versions not specified) Microsoft Edge (EdgeHTML-based) (affected versions not specified)

Description The issue is related to an information disclosure vulnerability when accessing Skype for Business via Microsoft Edge (EdgeHTML-based). This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information by opening a specially crafted link in the application. An attacker who exploits this vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile.

Recommendations For Skype for Business, consider restricting access to sensitive user information until a fix is available. For Microsoft Edge (EdgeHTML-based), avoid using it to access Skype for Business until the issue is resolved. As a temporary workaround, consider disabling the ability to place calls from within Skype for Business when accessed via Microsoft Edge (EdgeHTML-based) to minimize the risk of exploitation.