CVE-2021-34524: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Aug

Released

2021-08-10

Last Updated

2021-08-11

EPSS Score

1.56% (percentile: 81.5%)

FAQ

Is the update for Microsoft Dynamics 365 (on-premises) version 9.1 currently available? The security update for Microsoft Dynamics 365 (on-premises) version 9.1 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

Affected Products (2)

Other

• 11921
• 11664

Security Updates (2)

• 4618809
• 4618795

Acknowledgments

<a href="https://www.linkedin.com/in/fabian-schmidt-42-">Fabian Schmidt</a>

Revision History

• 2021-08-10: Information published.
• 2021-08-10: The following revisions have been made: 1) In the Security Updates table, updated the Download and Release Note links for Dynamics 365 (on-premises) version 9.0. This is an informational change only. 2) Added an FAQ regarding the availability of the security update for Microsoft Dynamics 365 (on-premises) version 9.1.
• 2021-08-11: Microsoft is announcing the availability of the security updates for Microsoft Dynamics 365 (on-premises) version 9.1. Customers running affected Dynamics software should install the update for their product to be protected from this vulnerability. Customers running other versions of Microsoft Dynamics 365 (on-premises) do not need to take any action. See the KB4618809 for more information and download links.