CVE-2023-35621
📋 TL;DR
This vulnerability in Microsoft Dynamics 365 Finance and Operations allows attackers to cause a denial of service (DoS) condition by sending specially crafted requests to the application. Organizations running affected versions of Dynamics 365 Finance and Operations are vulnerable to service disruption. The vulnerability affects the availability of business-critical financial and operational systems.
💻 Affected Systems
- Microsoft Dynamics 365 Finance
- Microsoft Dynamics 365 Operations
📦 What is this software?
Dynamics 365 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of Dynamics 365 Finance and Operations, disrupting financial transactions, supply chain operations, and business processes for extended periods.
Likely Case
Temporary service disruption requiring system restart or recovery procedures, impacting business operations until service is restored.
If Mitigated
Minimal impact with proper network segmentation, rate limiting, and monitoring that detects and blocks attack attempts before service disruption occurs.
🎯 Exploit Status
Microsoft rates this as 'Exploitation More Likely' in its advisory; DoS vulnerabilities typically have low exploitation complexity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply latest security updates from Microsoft; specific version depends on your Dynamics 365 deployment
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621
Restart Required: Yes
Instructions:
1. Check Microsoft Security Update Guide for your specific Dynamics 365 version.
2. Apply the security update through your normal patching process.
3. Restart affected Dynamics 365 services.
4. Verify the update was applied successfully.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to Dynamics 365 Finance and Operations to only trusted networks and IP addresses
Rate Limiting
Implement rate limiting on web application firewalls or load balancers to prevent DoS attempts
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Dynamics 365 application
- Deploy web application firewall with DoS protection rules and monitor for unusual traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check your Dynamics 365 version against Microsoft's security update guide; review system logs for unusual request patterns or service disruptions
Check Version:
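Check through Dynamics 365 administration portal or PowerShell: Get-Command -Module Microsoft.Dynamics.Nav.*
Note that the Microsoft.Dynamics.Nav.* modules ship with Dynamics NAV / Business Central, and Get-Command only lists the cmdlets those modules export; it returns nothing where they are not installed and does not itself print a version number, so confirm the installed version in the administration portal.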
Verify Fix Applied:
Verify the security update is installed through Dynamics 365 administration tools; test application functionality; monitor for service stability
📡 Detection & Monitoring
Log Indicators:
- Unusual request patterns to Dynamics 365 endpoints
- Service restart events
- High CPU/memory usage on Dynamics servers
- Application pool recycling events
Network Indicators:
- High volume of requests to Dynamics 365 from single or few sources
- Unusual request patterns or malformed requests
SIEM Query:
source="dynamics365" AND (event_type="service_restart" OR error_code="500" OR request_count>threshold)