QID 91828

Date Published: 2021-10-13

QID 91828: Microsoft Dynamics 365 Security Update for October 2021

Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

CVE-2021-34524: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-36950: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Affected Software:
Microsoft Dynamics 365 (on-premise) version 9.0
Microsoft Dynamics 365 Customer Engagement 9.0
Microsoft Dynamics 365 (on-premise) version 9.1
Microsoft Dynamics 365 Customer Engagement 9.1

QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:

An attacker could conduct spoofing attacks, which may aid further exploitation.

  • CVSS V3 rated as High - 6.1 severity.
  • CVSS V2 rated as Medium - 4.3 severity.

Solution:
Customers are advised to refer to CVE-2021-41354, CVE-2021-41353 and CVE-2021-40457 for more details pertaining to this vulnerability.

CVEs related to QID 91828

Software Advisories:
Advisory ID       Link
CVE-2021-40457    msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40457
CVE-2021-41353    msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41353
CVE-2021-41354    msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41354