-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0080
                  Security update for Microsoft Dynamics
                               15 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Dynamics 365 Business Central 2019 (On-Premise)
                      Microsoft Dynamics 365 Business Central 2019
                      Microsoft Dynamics NAV
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Unauthorised Access             -- Remote/Unauthenticated      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1022 CVE-2020-1018 
Member content until: Friday, May 15 2020

OVERVIEW

        
        Microsoft has released its monthly security patch update for the month 
        of April 2020.
        
        This update resolves 2 vulnerabilities across the following products:[1]
        
         Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
         Dynamics 365 Business Central 2019 Spring Update
         Microsoft Dynamics 365 BC On Premise
         Microsoft Dynamics NAV 2013
         Microsoft Dynamics NAV 2015
         Microsoft Dynamics NAV 2016
         Microsoft Dynamics NAV 2017
         Microsoft Dynamics NAV 2018


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2020-1018   Information Disclosure   Important
         CVE-2020-1022   Remote Code Execution    Critical


MITIGATION

        Microsoft recommends updating the software with the version made available 
        on the Microsoft Update Catalogue for the following Knowledge Base articles. 
        [1]
        
         KB4549673, KB4549675, KB4549674, KB4557699, KB4557700
         KB4549676, KB4549678, KB4549677


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXpaFfWaOgq3Tt24GAQgbUA//WSQRoTVdkh+Z+8x3EqnUUdkDtv2wvho0
ex9s+DR/oTyAZ/0f6RNkP0AQjLHJLGm7BXcklOygTCGbSzERcUYW51ST0H8puKBp
HhlpQtiFGLOVTbXBPzM1puY6rvwieVcWd+3aAh9VNkhRa28VaFXdv3qaoJWXbNFl
J+nsgmB9PNsRXq18GLUtBAEUPTIKxQuIYfO/kQTDEfb2xQkgC5kwsoRGok9qxKe+
zrqprEzZuWCFnkN5QZKauOZZeXoA1611F8qSlra/u6pIpvXDimNgFzTp0wbcekSn
wK4LMcnkM98/lUwQLjj0ObvpDuR/tFfRoNBsuVaIMTmDi4PRP5zZc3zWZySF6rfA
o9nHFWjMN8fDsZP5NxOQ+pFsqMtqGOgC/r6L5U48uTJKheVp3Iqwj9wrdKtbsBPM
KdWeGky8rWMAy84ipwtfv4AJQM0b0UezOT6sk+lSC+LGQaCqcE4EFOniXDDGWDli
Gj0iys0d8tHfNHo5WaxgEVPyEhuY6sg4IpH8qrFT5moLUaMtt1IQFijNmVOdphoj
Ztftmg9lT11dkl8hIuQUo+bhqBqLkoRjuuV4XYeWVXtdsXBWEzWBiVLd4JWemn3E
eQbIr+K4CyBXvGYqkZCe/gRON8SLLb1HpSjDrJSENEISUHVUFnrQ7TwvCdokukyV
wfOlI3C8Om4=
=f9GC
-----END PGP SIGNATURE-----