Endpoint Vulnerability

Microsoft: Dynamics Business Central Remote Code Execution Vulnerability

Description

An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who succesfully exploited this vulnerability could execute arbitrary shell commands on victim's server. To exploit the vulnerability, an authenticated attacker needs to convince the victim into connect to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution. The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victim s server.

Affected Products

Dynamics 365 Business Central 2019 Spring Update,Microsoft Dynamics NAV 2013,Microsoft Dynamics 365 BC On Premise,Microsoft Dynamics NAV 2015,Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise),Microsoft Dynamics NAV 2017,Microsoft Dynamics NAV 2016,Microsoft Dynamics NAV 2018

References

CVE-2020-0905,