CVE-2020-16862

7.1 HIGH

📋 TL;DR

This is a remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) where improper input sanitization allows authenticated attackers to execute arbitrary code. The vulnerability affects on-premises Dynamics 365 deployments, allowing attackers to run code with SQL service account privileges. Organizations using vulnerable on-premises Dynamics 365 installations are affected.

💻 Affected Systems

Products:
  • Microsoft Dynamics 365 (on-premises)
Versions: Specific versions not detailed in advisory; all vulnerable on-premises versions before patching
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects on-premises deployments; Dynamics 365 Online/cloud versions are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Dynamics server, data exfiltration, lateral movement within the network, and persistent backdoor installation.

🟠 Likely Case

Data theft, business disruption, and potential ransomware deployment affecting Dynamics operations.

🟢 If Mitigated

Limited impact due to network segmentation, minimal service account privileges, and proper input validation controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to the Dynamics server; exploitation involves specially crafted web requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Microsoft security update for Dynamics 365 (on-premises)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862

Restart Required: Yes

Instructions:

1. Download the security update from the Microsoft Update Catalog.
2. Apply the update to all affected Dynamics 365 servers.
3. Restart the servers as required.
4. Test Dynamics functionality post-patch.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict access to Dynamics servers to only authorized users and systems.

Input Validation Enhancement (applies to: all)

Implement additional input validation at the web application firewall or proxy level.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach Dynamics servers
  • Monitor for unusual SQL service account activity and web request patterns

🔍 How to Verify

Check if Vulnerable:

Check Dynamics 365 version against Microsoft security bulletin; verify if security update is applied

Check Version:

Check Dynamics 365 version through administrative interface or server configuration

Verify Fix Applied:

Confirm security update is installed via Windows Update history or patch management system

📡 Detection & Monitoring

Log Indicators:

  • Unusual web request patterns to Dynamics endpoints
  • SQL service account executing unexpected processes
  • Failed authentication attempts followed by successful exploitation

Network Indicators:

  • Unusual outbound connections from Dynamics server
  • Suspicious HTTP requests to Dynamics web services

SIEM Query:

source="dynamics_server" AND ((event_type="web_request" AND request_uri CONTAINS suspicious_pattern) OR (parent_process="sqlservr.exe" AND process_name NOT IN (expected_child_processes)))

Note: the original query mixed AND/OR without parentheses, so the source filter applied only to the first clause; the process clause is also written to match the indicator above (the SQL service spawning an unexpected child), and `suspicious_pattern` / `expected_child_processes` are placeholders to be filled for your environment.
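The following is an added example, not part of the original advisory or any Microsoft tooling. It implements two of the log indicators above as standalone detection rules (the SQL service spawning an unexpected process, and repeated authentication failures followed by a success from one source) and runs them over constructed sample events in an assumed `key=value` log format; the expected child-process allow-list, field names, hostnames and addresses are all assumptions for illustration.

```python
"""Added example: detection logic for the log indicators listed above,
run over constructed sample events. Not part of the original advisory."""
from collections import defaultdict
from datetime import datetime, timedelta

# Child processes the SQL Server service is expected to spawn on this host.
# Assumption for the example; tune it to your own baseline.
EXPECTED_SQL_CHILDREN = {"sqlservr.exe", "conhost.exe"}


def parse_log(text):
    """Parse constructed 'key=value ...' lines (one event per line) into dicts."""
    events = []
    for line in text.strip().splitlines():
        fields = dict(token.partition("=")[::2] for token in line.split())
        fields["ts"] = datetime.fromisoformat(fields["ts"])
        events.append(fields)
    return events


def detect_sql_child_processes(events):
    """Indicator: the SQL service (sqlservr.exe) launching an unexpected process."""
    alerts = []
    for e in events:
        if e.get("event_type") != "process":
            continue
        if e.get("parent_process", "").lower() != "sqlservr.exe":
            continue
        child = e.get("process_name", "").lower()
        if child not in EXPECTED_SQL_CHILDREN:
            alerts.append(("sql_unexpected_child", e["host"], child))
    return alerts


def detect_auth_failures_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Indicator: repeated failed authentications followed by a success from one source."""
    alerts = []
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("event_type") != "auth":
            continue
        src = e["src_ip"]
        if e["result"] == "failure":
            failures[src].append(e["ts"])
        elif e["result"] == "success":
            recent = [t for t in failures[src] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(("auth_failures_then_success", src, len(recent)))
            failures[src].clear()
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_LOG = """
ts=2020-09-08T10:00:01 host=dyn-web-01 event_type=auth src_ip=10.0.5.23 user=svc_report result=failure
ts=2020-09-08T10:00:09 host=dyn-web-01 event_type=auth src_ip=10.0.5.23 user=svc_report result=failure
ts=2020-09-08T10:00:15 host=dyn-web-01 event_type=auth src_ip=10.0.5.23 user=svc_report result=failure
ts=2020-09-08T10:03:10 host=dyn-web-01 event_type=auth src_ip=10.0.5.23 user=svc_report result=success
ts=2020-09-08T10:05:42 host=dyn-web-01 event_type=process parent_process=sqlservr.exe process_name=conhost.exe
ts=2020-09-08T10:05:43 host=dyn-web-01 event_type=process parent_process=sqlservr.exe process_name=cmd.exe
ts=2020-09-08T11:20:00 host=dyn-web-01 event_type=auth src_ip=10.0.7.9 user=jsmith result=failure
ts=2020-09-08T11:20:30 host=dyn-web-01 event_type=auth src_ip=10.0.7.9 user=jsmith result=success
"""


def run_all(text):
    """Run every rule over a log text and return the combined alert list."""
    events = parse_log(text)
    return detect_sql_child_processes(events) + detect_auth_failures_then_success(events)


if __name__ == "__main__":
    for alert in run_all(SAMPLE_LOG):
        print(alert)
```

The second source (10.0.7.9) produces a single failure before its success, so it stays below the threshold and is not reported; only the three-failure burst from 10.0.5.23 and the `cmd.exe` child of `sqlservr.exe` surface as alerts. In a real deployment the events would come from the web server, Windows Security and Sysmon-style process logs rather than an inline string.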

🔗 References
