Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Introduction:
On 11th January 2023, Microsoft announced a vulnerability in NAV 2016, NAV 2017, and Business Central (On-Premise), and the fixes are shared below.
Pre-requisites:
- Used / Implemented NAV 2016/2017 or Business Central On-Premise
Books & References:
- CVE-2022-411Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
- CVE - CVE-2022-41127 (mitre.org)
- CVE-2022-41127: Download localized DVDs for Dynamics NAV 2016 and NAV 2017 - Dynamics 365 Business Central Community
- What is Remote Code Execution (RCE)? - GeeksforGeeks
- CVE-2022-41127 - Security Update Guide - Microsoft - Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Details:
NOTE: THIS VULNERABILITY IS CRITICAL IN NATURE.
1. Vulnerability:
Microsoft identified Remote Code Execution Vulnerabilities in NAV 2016, NAV2017, and Business Central On-Premise. While the fixes are released below.
Microsoft identified Remote Code Execution Vulnerabilities in NAV 2016, NAV2017, and Business Central On-Premise. While the fixes are released below.
Versions of NAV and Business Central were affected as follows -
2. Resolution:
If you are using Business Central Online, you are free
Visit CVE-2022-41127 - Security Update Guide - Microsoft - Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability to download the security update for your installed versions
For versions that are out of mainstream support can you visit CVE-2022-41127: Download localized DVDs for Dynamics NAV 2016 and NAV 2017 - Dynamics 365 Business Central Community or download from the list below.
Dynamics NAV 2016 (version 9.0)
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/W1DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.AT.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.AU.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.BE.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.CH.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.CZ.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.DE.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.DK.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.ES.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.FI.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.FR.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.GB.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.IN.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.IS.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.IT.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.NA.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.NL.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.NO.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.NZ.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.RU.8522030.DVD.zip
- https://download.microsoft.com/download/9/c/b/9cb2a25f-255f-41d2-a677-5261098a7362/Dynamics.90.SE.8522030.DVD.zip
Dynamics NAV 2017 (version 10.0)
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/W1DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.AT.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.AU.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.BE.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.CH.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.CZ.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.DE.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.DK.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.ES.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.FI.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.FR.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.GB.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.IS.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.IT.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.NA.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.NL.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.NO.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.NZ.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.RU.3307120.DVD.zip
- https://download.microsoft.com/download/e/a/2/ea2c9509-3f7b-43a2-b64d-cbaf0ece9926/Dynamics.100.SE.3307120.DVD.zip
Conclusion:
Please note that the vulnerability is critical in nature and will affect your NAV/BC installation as well. Download and install the latest security patches as soon as possible.
Comments
Post a Comment
Let me know your comments below. I'll try my best to answer your comment