Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0046
Microsoft Patch Tuesday update for Dynamics for February 2021
10 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
Operating System: Windows
Impact/Access: Provide Misleading Information -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-24101 CVE-2021-1724
OVERVIEW
Microsoft has released its monthly security patch update for the
month of February 2021.
This update resolves 2 vulnerabilities across the following products:
[1]
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2021-1724 Spoofing Important
CVE-2021-24101 Information Disclosure Important
MITIGATION
Microsoft recommends updating the software to the latest available
version available on the Microsoft Update Catalog. [1].
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYCNZseNLKJtyKPYoAQj0kBAAnpwvqRdqMqvNCWzJW/VEb2TnjY/0YW9l
7bcVZB+VEcBpraGdhCZ8zobsJ4BuWQczPxN5kPpoZp/RBL3I6fv6js+0oAF44sSS
7KASjGU5Jaziy2IcZqKRR8eCP877Z5Yd9cxfpdxCgcVcLiUBQrzvlbOsznTxON5r
12DCQGRDkkPOnLwV7Wz6BwfsXeA6vyJzT70zwR8UuK3qWibaR+MyoG8KC/8iZFpK
PQnDDARFyClKcx01ndojOo6BZCmyJoo/P8hhp6Vowj28d8H7LsAqpG4/nBM3QhK1
fYBaaZ9MgsZLjcnJIgPXbZ/Dbq1H5pm4JPvJJHqsijyqQNETwN89x992AKSTfOuk
dtMtaDbzBLnpjq4qk90ZWfiHiEZ/U1tgIO1nr4BMB0whBqyCnOqj94bLi4apYoJH
8fu0uyyvMxFJsum9ayoDBIfmWJQSNMTCO8OZfMCRIkDUEhs0y7F/EEDlDi52oXyy
1DSJ9lIMVcvZqwzvmM2csSVN+Xcr17W9UCdLNR4lmn10hb6bsI6+DxWoOudaktVE
KvlU5xP4PSF+MSIlXW9oUyXW1BK+uIWzoyB2IAxY5mQ4TfO+P4yjawH5MIQur4TJ
HeNr+7e4A1VMghEVMvI+OiUT2KaIeqJxF7meJj+Vp7EU+wMz835sLN5rshUtTdYk
dpJlCyWpeHQ=
=SQ0v
-----END PGP SIGNATURE-----