CVE-2019-1229

8.8 HIGH

📋 TL;DR

This is an elevation of privilege vulnerability in Microsoft Dynamics On-Premise v9 that allows authenticated users with customizer privileges to execute arbitrary code on the Web Role server. Attackers need valid credentials for a user authorized to create business rules and can exploit it by persisting malicious XAML scripts. Organizations running affected Dynamics installations are at risk.

💻 Affected Systems

Products:
  • Microsoft Dynamics 365 On-Premise
Versions: Version 9.x
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Dynamics On-Premise installation with users having customizer privileges; cloud deployments are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Dynamics Web Role server, allowing attackers to execute arbitrary code, access sensitive data, and potentially pivot to other systems in the network.

🟠 Likely Case

Privilege escalation from a legitimate user with customizer permissions to full control of the Dynamics server, enabling data theft, configuration changes, and persistence.

🟢 If Mitigated

Limited impact if proper access controls, network segmentation, and monitoring are in place, though the vulnerability still provides a foothold for attackers.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access with customizer privileges and the ability to persist XAML scripts as code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the security update from Microsoft's August 2019 Patch Tuesday

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229

Restart Required: Yes

Instructions:

1. Download the security update from Microsoft Update Catalog.
2. Apply the patch to all affected Dynamics servers.
3. Restart the servers as required.
4. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Restrict Customizer Privileges

Limit user accounts with permission to author customized business rules to only essential personnel.

Monitor XAML Activity

Implement logging and monitoring for XAML script creation and execution in Dynamics.

🧯 If You Can't Patch

  • Implement strict access controls to limit users with customizer privileges to the minimum necessary.
  • Segment the Dynamics server network to limit lateral movement if compromised.

🔍 How to Verify

Check if Vulnerable:

Check if Dynamics On-Premise v9 is installed without the August 2019 security update applied.

Check Version:

Check Dynamics version through the Dynamics Server administration console or PowerShell commands specific to the installation.

Verify Fix Applied:

Verify the security update is installed via Windows Update history or by checking the Dynamics server version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual XAML script creation or modification by users with customizer privileges
  • Unexpected process execution on the Dynamics Web Role server

Network Indicators:

  • Suspicious outbound connections from the Dynamics server to unknown IPs

SIEM Query:

Search for events related to XAML script changes or unauthorized process execution on Dynamics servers.
