![]() For versions out of support in modern lifecycle, DVD have been refreshed with a new one by December 2022 that contains the platform changes to resolve the security problem. The minor version represents the earlies build where the issue has been fixed. Regarding Dynamics 365 Business Central patching, you can follow the simple table provided below. To help on spreading the informations across partners, here is a recap of what you need to know. My friend Duilio Tacconi (Microsoft CSS) wrote a great summary of what you need to know for patching the vulnerability. Patching this should be an high priority for partners and mitigation requires to install a platform update. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call. The opened port could be used to connect with the WCF TCP protocol. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system. The vulnerability exists due to insufficient validation of user-supplied input in the Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises). ![]() On DecemMicrosoft disclosed a security vulnerability (coded CVE-2022-41127) that affects the on-premises versions of Dynamics 365 Business Central and Dynamics NAV.Īn attacker who successfully exploited this vulnerability in Dynamics NAV and BC could execute code on the host server in the context of the service account Dynamics has been configured to use.
0 Comments
Leave a Reply. |