
Mitigation Instructions for CVE-2021-34474

SUBJECT: Mitigating CVE-2021-34474: Dynamics Business Central Remote Code Execution Vulnerability

TECH STACK: Microsoft Dynamics 365 Business Central

DATE(S) ISSUED: 07/14/2021

NVD Last Modified: 12/28/2023

CRITICALITY: 7.2 HIGH

OVERVIEW: 

This vulnerability affects Microsoft Dynamics 365 Business Central and could allow an attacker to remotely execute code on a vulnerable system.

SOLUTION/MITIGATION: 

  • The primary mitigation for this vulnerability is to apply the latest security updates from Microsoft. These updates address the vulnerability and significantly reduce the risk of exploitation.

Here's how to apply the security updates:

  1. Access the Microsoft Dynamics 365 Admin Center.
  2. Navigate to Health > Releases.
  3. Select the available update for your version of Business Central.
  4. Click Install.

Additional mitigation steps:

  1. Restrict access: Limit access to Business Central to authorized users only. Implement strong authentication methods, such as multi-factor authentication (MFA).
  2. Disable unnecessary features: Disable any functionalities within Business Central that are not required for your organization's operations. This reduces the attack surface and potential entry points for vulnerabilities.
  3. Regularly scan your system: Implement vulnerability scanning tools to identify and address any newly discovered vulnerabilities in your system.
  4. Educate users: Train your users to be aware of phishing attacks and other social engineering techniques that could be used to exploit this vulnerability. Users should be cautious when opening emails or clicking on links, especially those from untrusted sources.

Confirmation & Additional Information:

  • Verify the update installation: After applying the security update, confirm that it has been successfully installed. You can usually check this information within the Microsoft Dynamics 365 Admin Center or through application logs.
  • Stay informed: Regularly check for new security updates from Microsoft and apply them promptly.
