Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability in Microsoft Dynamics 365 (on-premises) allows an authenticated attacker to execute code over a network. It matters because successful exploitation could give an attacker unauthorized control of affected systems.
- Affects Dynamics 365 (on-premises).
- Requires existing valid user credentials.
- Can lead to unauthorized code execution.
Attack Path
How an attacker could exploit the issue
An attacker with administrator privileges on Microsoft Dynamics 365 (on-premises) can exploit this flaw to gain control of the server. They would send specially crafted network requests to trigger the vulnerability, allowing them to execute arbitrary code with high privileges.
- Requires administrative access.
- Network-based attack vector.
- Targets Dynamics 365 (on-premises).
Live Threat
Current exploitation, exposure, and threat context
This vulnerability allows an authorized attacker to execute code remotely over a network within Microsoft Dynamics 365 (on-premises). Although exploitation requires authenticated access, the potential for privilege escalation and significant impact makes it attractive to adversaries seeking to move laterally within an organization or compromise sensitive data. Because the product is on-premises and exploitation requires authentication, the threat landscape is more focused.
- Exploitation requires valid credentials.
- No public exploit is currently observed.
- Targeting internal or authenticated users.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize immediate patching of Microsoft Dynamics 365 on-premises instances affected by this critical vulnerability, as it allows authenticated attackers to execute code over a network. If patching is delayed, isolate affected systems from the network to prevent lateral movement and unauthorized code execution.
- Patch Dynamics 365 to version 9.1.45.11.
- Isolate affected Dynamics 365 instances.
- Monitor network traffic for exploitation indicators.