Microsoft Security Advisories April 14, and 21, 2020

[German]Microsoft has published Security Advisories for a critical RCE vulnerability (CVE-2020-0905) in Microsofts Dynamics Business Central. And there are security advisories for an update to the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability.


Advertising

RCE vulnerability in Dynamics Business Central

The vulnerability has been known since March 2020 – but Microsoft has changed recently the download links and this has been communicated with a security advisory. Here is the information.

Title: Microsoft Security Update Releases
Issued: April 14, 2020
***************************************
CVE CVE-2020-0905 has undergone a major revision increment:
Revision Information:

CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability
–  – Version: 2.0
– Reason for Revision: In the Security Updates table, corrected the Download links for
the following products: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 BC On
Premise, Dynamics 365 Business Central 2019 Spring Update,
and Dynamics 365 Business
Central 2019 Release Wave 2 (On-Premise). Customers who are running one of these
affected versions of Microsoft Dynamics should ensure that they have downloaded and
installed the most recent updates to be protected from this vulnerability.
– Originally posted: March 10, 2020
– Updated: April 14, 2020
– Aggregate CVE Severity Rating: Critical

Administrators should install the security update to be protected against the RCE vulnerability.

Update for Autodesk FBX Library

In a Security Advisory Notification dated April 21, 2020, Microsoft refers to an update for its Autodesk FBX library. Here are the details:


Advertising

* Microsoft Security Advisory ADV200004

ADV200004 | Availability of updates for Microsoft software utilizing the
Autodesk FBX library
–  – Reason for Revision: Information published.
– Originally posted: April 21, 2020
– Updated: N/A
– Version: 1.0

This is an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library that is integrated with Microsoft Office and Paint 3D applications. Bleeping Computer has posted an article on the topic here.

OpenSSL Remote Denial of Service vulnerability

OpenSSL contains a remotely exploitable Denial of Service vulnerability pointed out by Microsoft in a security advisory dated April 21, 2020.

* Microsoft Security Advisory ADV200007

ADV200007 | OpenSSL Remote Denial of Service Vulnerability-
– Reason for Revision: Information published.
– Originally posted: April 21, 2020
– Updated: N/A
– Version: 1.0


Advertising

This entry was posted in Security, Software, Update and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).