Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0167 Microsoft Patch Tuesday update for Microsoft Dynamics for October 2020 14 October 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Dynamics 365 (on-premises) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Modify Arbitrary Files -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Unauthorised Access -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-16978 CVE-2020-16956 CVE-2020-16943 Member content until: Friday, November 13 2020 OVERVIEW Microsoft has released its monthly security patch update for the month of October 2020. This update resolves 3 vulnerabilities across the following products: [1] Dynamics 365 Commerce Microsoft Dynamics 365 (on-premises) version 8.2 Microsoft Dynamics 365 (on-premises) version 9.0 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-16943 Elevation of Privilege Important CVE-2020-16956 Spoofing Important CVE-2020-16978 Spoofing Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4578106, KB4578105 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX4ZDoONLKJtyKPYoAQglzxAAl6mZ0UnPIsyQLJ8dWvpnK43Z1oeVjmpA IVvHWqb+z481Gl7E2oQeNL0+2xg/Z70xJSMFVUZVOBfXxR+QY8hLVL78QM0sLkam 7Yu/xQX6vYLz0dVlsxBERRdUfqPnw97xb2pjtl7moQP+dHhgI3LMDQg2WPhyMnd0 If+zZ+LMb/ZaC2ocCPlThDsQjvLaJY8fUNIInkm7aXriCnnBwjxg8nS3jmGoTrfQ MqIvyiqSN8bEIDUn0Dia43MS2gq+zyOJZbS8ECGsMhKY/O1glk6p29kSm7geDeA8 FzEp4ONG7/e3n2yZG6cMQNrNSsMa4IThSUBuZNzaxZ2wJ/LLD+bzKhxuZrX28po5 5zbNQe0p08U/PtV2Y53C8djMSm5aFj5C1Onet3FCKsMd3kEZN2mvv0sL2AtNaNwj RJd01bBfjkLmMGWPEFheso+PNCnWXYW7lsrdzexWLDjLhgLhiJGHLLFLt2jclKip zqJ/B0SYz85cnqcfeJqRkvzqAWlU3Xgc4tP4OhxtVwRpSeNRtesjneWaSs90mM49 DBZ/pi8DNv+AqoLHTFlgO+h19lc3bL9sZ+UDXmSMPP7cLr6z5edMZiyU9MiTriB0 QPbDbmIn4qZk7DmHS2rjlfwZaHqXeK1j5bKT0ox8IyUCIfjdDFR7rjGmPNTZDdsn U+NehdsZ27I= =lQ0K -----END PGP SIGNATURE-----