[German]A short addendum to the patchday August 11, 2020, where Microsoft has also released an update for Microsoft Dynamics 365. This will fix the remote execution vulnerability CVE-2020-1182.
Advertising
In a security warning dated August 13, 2020 Microsoft explicitly points out this fact again.
************************************************************
Title: Microsoft Security Update Releases
Issued: August 12, 2020
************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2020-1182
Revision Information:
=====================
Advertising
* CVE-2020-1182
– CVE-2020-1182 | Microsoft Dynamics 365 for Finance and Operations (on-premises)
Remote Code Execution Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: August 12, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Critical
Vulnerability CVE-2020-1182
Vulnerability CVE-2020-1182 is a bug that allows remote code execution (RCE) on Microsoft Dynamics 365 (on-premises). Applies to Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could remotely execute code by executing server-side scripts on the victim's server.
An authenticated attacker with permission to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update that Microsoft issued addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input. The updates are available from this page.
Advertising
