What's New in Business Central
Business Central 2025 Wave 1 is here, Get the latest features in our Dynamics 365 Update “what’s new” webinar from the business central experts
Business Central Security
NAV and Business Central Vulnerability Fix CVE 2022 41127
David Curd
Security is a big focus point at Microsoft. The IT giant has a huge budget for ensuring that security is built into all of their solutions, including paying millions per year in rewards to white-hat hackers for discovering security issues in their software as part of security programs. For users of Dynamics NAV or Dynamics 365 Business Central, a new security vulnerability has been found. Here we look at who it affects and how, and how to solve the problem.
Microsoft Announce a Security Vulnerability
Microsoft have announced a security vulnerability ; “Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability”
Part of the security community have discovered the vulnerability, which is detailed by Microsoft here.
Versions Effected
The following versions are effected by this vulnerability.
|
Release Date |
Product |
Platform |
Impact |
Max Severity |
Article |
Download |
Details |
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central Spring 2019 Update |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2018 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2017 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2016 |
|
Remote Code Execution |
Critical |
What does this mean for you?
The details provided by Microsoft suggest that this is not something that is likely to happen, due to the complexity of attacking the vulnerability and that it requires credentials for a user. However, if the issue is successfully exploited the level of access, damage and data that can be stolen means that breach would be severe.
The problem is resolved by means of a cumulative update, which is available irrespective of whether your version is in mainstream support. The amount of work involved will depend on your own specific solution, such as the number of instances (Test, UAT, Dev, etc). This can either be done internally by yourselves, if you have the skillset in your own resource, or by Dynamics Consultants as a chargeable exercise. If you would like us to help with applying the Cumulative Update, please contact our team.
Sustainable Technology: Leveraging Business Software for Eco-Friendly Success
Technology has a reputation of negatively impacting the environment, but it can in fact be used as a tool to improve your business' sustainability credentials. By aligning your business software with green goals, you can reduce environmental impact and drive meaningful change. This approach not only benefits the planet but also enhances your company's reputation and operational efficiency.
Power BI & Business Central: Maximising Your Data's Potential
Integrating Power BI with Dynamics 365 Business Central can transform your business operations by turning your data into actionable insights. Now, with a standard set of reports integrated into Business Central, Power BI has become a core feature of the ERP product.