Business Central Security

NAV and Business Central Vulnerability Fix CVE 2022 41127

David Curd

12 January 2023

Technology,

Dynamics 365 Business Central

Tags:

NAV

Security

Security is a big focus point at Microsoft. The IT giant has a huge budget for ensuring that security is built into all of their solutions, including paying millions per year in rewards to white-hat hackers for discovering security issues in their software as part of security programs. For users of Dynamics NAV or Dynamics 365 Business Central, a new security vulnerability has been found. Here we look at who it affects and how, and how to solve the problem.

NAV and Business Central Vulnerability Fix CVE 2022 41127

Microsoft Announce a Security Vulnerability

Microsoft have announced a security vulnerability ; “Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability”

Part of the security community have discovered the vulnerability, which is detailed by Microsoft here.

Versions Effected

The following versions are effected by this vulnerability.

Release Date	Product	Platform	Impact	Max Severity	Article	Download	Details
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2021 Release Wave 1		Remote Code Execution	Critical	5019239	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2022 Release Wave 2		Remote Code Execution	Critical	5021672	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2021 Release Wave 2		Remote Code Execution	Critical	5021670	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2022 Release Wave 1		Remote Code Execution	Critical	5021671	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2020 Release Wave 1		Remote Code Execution	Critical	5010910	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics 365 Business Central 2020 Release Wave 2		Remote Code Execution	Critical	5013420	Security Update	CVE-2022-41127
Dec 13, 2022	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)		Remote Code Execution	Critical	4528706	Security Update	CVE-2022-41127
Dec 13, 2022	Dynamics 365 Business Central Spring 2019 Update		Remote Code Execution	Critical	5021669	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics NAV 2018		Remote Code Execution	Critical	5021668	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics NAV 2017		Remote Code Execution	Critical	5010202	Security Update	CVE-2022-41127
Dec 13, 2022	Microsoft Dynamics NAV 2016		Remote Code Execution	Critical	5005293	Security Update	CVE-2022-41127

What does this mean for you?

The details provided by Microsoft suggest that this is not something that is likely to happen, due to the complexity of attacking the vulnerability and that it requires credentials for a user. However, if the issue is successfully exploited the level of access, damage and data that can be stolen means that breach would be severe.

The problem is resolved by means of a cumulative update, which is available irrespective of whether your version is in mainstream support. The amount of work involved will depend on your own specific solution, such as the number of instances (Test, UAT, Dev, etc). This can either be done internally by yourselves, if you have the skillset in your own resource, or by Dynamics Consultants as a chargeable exercise. If you would like us to help with applying the Cumulative Update, please contact our team.

Contact Our Team

David Curd

Before joining Dynamics Consultants, David worked in a support role for a company that supplies back office and point-of-sale (POS) software to retailers. Dave’s role in the company is resolve more difficult customer issues and oversee infrastructure work.

D365 Business Central vs Sage 200: Comparing Sage 50 Upgrade Options

16 June 2025

Choosing the right ERP system when moving on from Sage 50 can shape how efficiently your business grows and adapts. If you want advanced features, greater flexibility and easier integration with familiar Microsoft tools, Microsoft Dynamics 365 Business Central is often the stronger option compared to Sage 200. As real-time data insight, automation and scalability are now necessities and not luxuries, your ERP upgrade decision is more important than ever.

Generative AI For Business: a Guide

09 June 2025

Generative AI continues to reshape how organisations operate and compete, delivering powerful tools that can drive efficiency and boost creativity. By using generative AI in your business, you can automate tasks, generate personalised customer service agents and unlock new insights to support better decision making.

The Most Useful Power BI Features

09 June 2025

Power BI continues to transform how organisations handle data by making complex analytics more accessible. By understanding the most useful Power BI features, you can create clearer reports, uncover valuable insights and improve decision-making within your business.

Business Management

Productivity Add-ons

Operations Add-ons

e-Commerce Solutions

Integrated Tools

Software Services

ERP Without The Pain

Business Central Training Centre

Business Central Support

About Dynamics Consultants

Popular Blogs

Business Central on YouTube

NAV and Business Central Vulnerability Fix CVE 2022 41127

Microsoft Announce a Security Vulnerability

Versions Effected

What does this mean for you?

David Curd

D365 Business Central vs Sage 200: Comparing Sage 50 Upgrade Options

Generative AI For Business: a Guide

The Most Useful Power BI Features

Business Management

e-Commerce Solutions

Integrated Tools

Software Services

About Dynamics Consultants

NAV and Business Central Vulnerability Fix CVE 2022 41127

Microsoft Announce a Security Vulnerability

Versions Effected

What does this mean for you?

David Curd

Share