Kaspersky Threats

Detect date

?

09/08/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely via specially crafted request to execute arbitrary code.
A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely via specially crafted file to execute arbitrary code.

Affected products

Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-16872
CVE-2020-16860
CVE-2020-16862
CVE-2020-16864
CVE-2020-16878
CVE-2020-16861
CVE-2020-16871
CVE-2020-16858
CVE-2020-16859
CVE-2020-16857

Impacts

?

ACE

[?]

SUI

[?]

Detect date ?	09/08/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof user interface. A remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely via specially crafted request to execute arbitrary code. A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely via specially crafted file to execute arbitrary code.
Affected products	Dynamics 365 for Finance and Operations Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 8.2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-16872 CVE-2020-16860 CVE-2020-16862 CVE-2020-16864 CVE-2020-16878 CVE-2020-16861 CVE-2020-16871 CVE-2020-16858 CVE-2020-16859 CVE-2020-16857
Impacts ?	ACE [?] SUI [?]
Related products	Microsoft Dynamics 365
CVE-IDS ?	CVE-2020-168723.5Warning CVE-2020-168606.5High CVE-2020-168626.5High CVE-2020-168643.5Warning CVE-2020-168783.5Warning CVE-2020-168613.5Warning CVE-2020-168713.5Warning CVE-2020-168583.5Warning CVE-2020-168593.5Warning CVE-2020-168576.5High
KB list	4577501 4574742
	Find out the statistics of the vulnerabilities spreading in your region

KLA11953Multiple vulnerabilities in Microsoft Dynamics

KLA11953
Multiple vulnerabilities in Microsoft Dynamics