KLA11750
Multiple vulnerabilities in Microsoft Dynamics
Updated: 29/05/2020
Detection date
14/04/2020
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Dynamics Business Central can be exploited remotely to execute arbitrary code.
  2. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof the user interface.
  3. An unspecified vulnerability in Microsoft Dynamics Business can be exploited remotely to obtain sensitive information.
Affected products

Dynamics 365 Server, version 9.0 (on-premises)
Microsoft Dynamics 365 BC On Premise
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2016
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics NAV 2018
Microsoft Dynamics NAV 2013
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2015

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary detection source
CVE-2020-1022
CVE-2020-1050
CVE-2020-1049
CVE-2020-1018
Impact
ACE
OSI
SUI
Related products
Microsoft Dynamics 365
CVE-IDS
CVE-2020-1022 | 0.0 | Unknown
CVE-2020-1050 | 0.0 | Unknown
CVE-2020-1049 | 0.0 | Unknown
CVE-2020-1018 | 0.0 | Unknown
KB list

4538593
4549673
4557700
4557699
4549676
4549674
4549678
4549675
4549677

Microsoft official advisories
Microsoft Security Update Guide