Application Support

Microsoft Dynamics NAV/Business Central Security Vulnerabilities

At Synergy Technology, we are always looking for ways to safeguard our customers’ systems and to improve our customer service.

Microsoft recently published two reports detailing known vulnerabilities to its Dynamics NAV/Business Central platform. Keep reading below to learn more about these security issues and how you can protect your ERP system.
Since it is so unusual for Microsoft to publish official notifications of security issues (this is the first time), it is important for all users to be aware of the following critical information.

Security Vulnerabilities

There exists an identified remote code execution vulnerability in Microsoft Dynamics NAV/Business Central.
Using this exploit, a successful attacker could potentially execute arbitrary shell commands on the victim’s server. For this to occur, an authenticated attacker must convince the victim to connect to a malicious Dynamic NAV/Business Central client or to elevate permissions to allow the code execution.
Microsoft has released security software updates (linked to below) which address this vulnerability by preventing the possible use of a binary type to execute code on the victim’s server.

What Systems are Affected?

This sophisticated type of attack could potentially be used on the following non-updated Dynamic NAV/Business Central systems:

  • Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
  • Dynamics 365 Business Central 2019 Spring Update
  • Microsoft Dynamics 365 BC On Premise
  • Microsoft Dynamics NAV 2013
  • Microsoft Dynamics NAV 2015
  • Microsoft Dynamics NAV 2016
  • Microsoft Dynamics NAV 2017
  • Microsoft Dynamics NAV 2018

What Should I Do Next?

Security vulnerabilities are just one of the reasons why you should always ensure your software is fully up to date. Microsoft’s engineers have now developed software updates which should address these security concerns and render your systems less vulnerable to cyber attacks.

This is why Synergy Technology would highly recommend ensuring your platform is up to date with the latest security updates. Please contact the Synergy Technology team to update your ERP system and benefit from the latest software fixes and improvements. Call 0345 456 0050 now to check your system version or to arrange your update.

Additional Information

For more details on the latest security vulnerabilities and to download the latest security software update for your particular system, please see Microsoft’s official announcements:

  1. Vulnerability Notification CVE-2020-0905
  2. Vulnerability Notification CVE-2020-1022

If you believe you may have been a victim of these attacks, or if you require additional technical assistance, please contact the Synergy Technology team today. Call us on 0345 456 0050 now. Alternatively, you can send us a message via our website.

Microsoft Dynamics NAV to Business Central upgrade with Synergy Technology.