Directions EMEA 2024
Directions EMEA 2024 Vienna updates and news from our team at the event. Get Business Central Updates.
Business Central Security
NAV and Business Central Vulnerability Fix CVE 2022 41127
David Curd
Security is a big focus point at Microsoft. The IT giant has a huge budget for ensuring that security is built into all of their solutions, including paying millions per year in rewards to white-hat hackers for discovering security issues in their software as part of security programs. For users of Dynamics NAV or Dynamics 365 Business Central, a new security vulnerability has been found. Here we look at who it affects and how, and how to solve the problem.
Microsoft Announce a Security Vulnerability
Microsoft have announced a security vulnerability ; “Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability”
Part of the security community have discovered the vulnerability, which is detailed by Microsoft here.
Versions Effected
The following versions are effected by this vulnerability.
|
Release Date |
Product |
Platform |
Impact |
Max Severity |
Article |
Download |
Details |
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central Spring 2019 Update |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2018 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2017 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2016 |
|
Remote Code Execution |
Critical |
What does this mean for you?
The details provided by Microsoft suggest that this is not something that is likely to happen, due to the complexity of attacking the vulnerability and that it requires credentials for a user. However, if the issue is successfully exploited the level of access, damage and data that can be stolen means that breach would be severe.
The problem is resolved by means of a cumulative update, which is available irrespective of whether your version is in mainstream support. The amount of work involved will depend on your own specific solution, such as the number of instances (Test, UAT, Dev, etc). This can either be done internally by yourselves, if you have the skillset in your own resource, or by Dynamics Consultants as a chargeable exercise. If you would like us to help with applying the Cumulative Update, please contact our team.
What's New in Business Central
Business Central 2024 Wave 2 is here, Get the latest features in our Dynamics 365 Update “what’s new” webinar from the business central experts
Streamlined Order Fulfilment: Enhancing Efficiency with Process Control in Business Central
Whether your business is B2B or B2C, your order fulfilment process can have a dramatic impact on your brand and customer loyalty. You play a vital role in optimising the entire process to enhance customer satisfaction and streamline operations.