[German]Microsoft has published Security Advisories for a critical RCE vulnerability (CVE-2020-0905) in Microsofts Dynamics Business Central. And there are security advisories for an update to the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability.
Advertising
RCE vulnerability in Dynamics Business Central
The vulnerability has been known since March 2020 – but Microsoft has changed recently the download links and this has been communicated with a security advisory. Here is the information.
Title: Microsoft Security Update Releases
Issued: April 14, 2020
***************************************
CVE CVE-2020-0905 has undergone a major revision increment:
Revision Information:
– CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability
– – Version: 2.0
– Reason for Revision: In the Security Updates table, corrected the Download links for
the following products: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 BC On
Premise, Dynamics 365 Business Central 2019 Spring Update,
and Dynamics 365 Business
Central 2019 Release Wave 2 (On-Premise). Customers who are running one of these
affected versions of Microsoft Dynamics should ensure that they have downloaded and
installed the most recent updates to be protected from this vulnerability.
– Originally posted: March 10, 2020
– Updated: April 14, 2020
– Aggregate CVE Severity Rating: Critical
Administrators should install the security update to be protected against the RCE vulnerability.
Update for Autodesk FBX Library
In a Security Advisory Notification dated April 21, 2020, Microsoft refers to an update for its Autodesk FBX library. Here are the details:
Advertising
* Microsoft Security Advisory ADV200004
– ADV200004 | Availability of updates for Microsoft software utilizing the
Autodesk FBX library
– – Reason for Revision: Information published.
– Originally posted: April 21, 2020
– Updated: N/A
– Version: 1.0
This is an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library that is integrated with Microsoft Office and Paint 3D applications. Bleeping Computer has posted an article on the topic here.
OpenSSL Remote Denial of Service vulnerability
OpenSSL contains a remotely exploitable Denial of Service vulnerability pointed out by Microsoft in a security advisory dated April 21, 2020.
* Microsoft Security Advisory ADV200007
– ADV200007 | OpenSSL Remote Denial of Service Vulnerability-
– Reason for Revision: Information published.
– Originally posted: April 21, 2020
– Updated: N/A
– Version: 1.0
Advertising