Mitigation Instructions for CVE-2021-34474

SUBJECT: Mitigating CVE-2021-34474: Dynamics Business Central Remote Code Execution Vulnerability

TECH STACK: Microsoft Dynamics 365 Business Central

DATE(S) ISSUED: 07/14/2021

NVD Last Modified: 12/28/2023

CRITICALITY: 7.2 HIGH

OVERVIEW: 

This vulnerability affects Microsoft Dynamics 365 Business Central and could allow an attacker to remotely execute code on a vulnerable system.

SOLUTION/MITIGATION: 

  • The primary mitigation for this vulnerability is to apply the latest security updates from Microsoft. These updates address the vulnerability and significantly reduce the risk of exploitation.

Here's how to apply the security updates:

  • Access the Microsoft Dynamics 365 Admin Center.
  • Navigate to Health > Releases.
  • Select the available update for your version of Business Central.
  • Click Install.

Additional mitigation steps:

  1. Restrict access: Limit access to Business Central to authorized users only. Implement strong authentication methods, such as multi-factor authentication (MFA).
  2. Disable unnecessary features: Disable any functionalities within Business Central that are not required for your organization's operations. This reduces the attack surface and potential entry points for vulnerabilities.
  3. Regularly scan your system: Implement vulnerability scanning tools to identify and address any newly discovered vulnerabilities in your system.
  4. Educate users: Train your users to be aware of phishing attacks and other social engineering techniques that could be used to exploit this vulnerability. Users should be cautious when opening emails or clicking on links, especially those from untrusted sources.

Confirmation & Additional Information:

    • Verify the update installation: After applying the security update, confirm that it has been successfully installed. You can usually check this information within the Microsoft Dynamics 365 Admin Center or through application logs.
    • Stay informed: Regularly check for new security updates from Microsoft and apply them promptly.
