David Curd
Security is a big focus point at Microsoft. The IT giant has a huge budget for ensuring that security is built into all of their solutions, including paying millions per year in rewards to white-hat hackers for discovering security issues in their software as part of security programs. For users of Dynamics NAV or Dynamics 365 Business Central, a new security vulnerability has been found. Here we look at who it affects and how, and how to solve the problem.
Microsoft have announced a security vulnerability ; “Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability”
Part of the security community have discovered the vulnerability, which is detailed by Microsoft here.
The following versions are effected by this vulnerability.
|
Release Date |
Product |
Platform |
Impact |
Max Severity |
Article |
Download |
Details |
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 1 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Dynamics 365 Business Central Spring 2019 Update |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2018 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2017 |
|
Remote Code Execution |
Critical |
|||
|
Dec 13, 2022 |
Microsoft Dynamics NAV 2016 |
|
Remote Code Execution |
Critical |
The details provided by Microsoft suggest that this is not something that is likely to happen, due to the complexity of attacking the vulnerability and that it requires credentials for a user. However, if the issue is successfully exploited the level of access, damage and data that can be stolen means that breach would be severe.
The problem is resolved by means of a cumulative update, which is available irrespective of whether your version is in mainstream support. The amount of work involved will depend on your own specific solution, such as the number of instances (Test, UAT, Dev, etc). This can either be done internally by yourselves, if you have the skillset in your own resource, or by Dynamics Consultants as a chargeable exercise. If you would like us to help with applying the Cumulative Update, please contact our team.
Your ERP system can be a powerful tool to streamline your business' manufacturing processes. By integrating diverse functions such as inventory management, production planning and quality control, an ERP system helps reduce operational costs and enhance productivity.
An enterprise resource planning (ERP) system is a powerful tool that can streamline your entire supply chain by automating business processes and improving visibility. Integrating an ERP solution allows you to optimise core functions and create a more responsive chain of suppliers. This integration not only increases efficiency but also ensures you remain competitive.
In a world where data security is paramount, you need a system that offers robust protection. Dynamics 365 Business Central is renowned as the most secure ERP platform due to the cloud-based infrastructure wrapped in Microsoft's advanced security features. We explore those features.