KLA11750
Multiple vulnerabilities in Microsoft Dynamics

Updated: 06/03/2020
Detect date: 04/14/2020
Severity: Critical
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Dynamics Business Central can be exploited remotely to execute arbitrary code.
  2. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (On-Premise) can be exploited remotely via a specially crafted web request to spoof the user interface.
  3. An unspecified vulnerability in Microsoft Dynamics Business Central can be exploited remotely to obtain sensitive information.
Affected products

Dynamics 365 Server, version 9.0 (on-premises)
Microsoft Dynamics 365 BC On Premise
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2016
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics NAV 2018
Microsoft Dynamics NAV 2013
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2015

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-1022
CVE-2020-1050
CVE-2020-1049
CVE-2020-1018

Impacts
ACE
OSI
SUI

Related products
Microsoft Dynamics 365

CVE-IDS
CVE-2020-1022  6.0  High
CVE-2020-1050  4.3  Warning
CVE-2020-1049  3.5  Warning
CVE-2020-1018  5.0  Critical

KB list

4538593
4549673
4557700
4557699
4549676
4549674
4549678
4549675
4549677

Microsoft official advisories
Microsoft Security Update Guide