CVE-2023-36410

7.6 HIGH

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises that allows attackers to inject malicious scripts into web pages viewed by other users. It affects organizations running vulnerable versions of Dynamics 365 on-premises, potentially compromising user sessions and data.

💻 Affected Systems

Products:
  • Microsoft Dynamics 365 (on-premises)
Versions: Specific versions not detailed in public advisory; consult Microsoft Security Update Guide
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects on-premises deployments; Dynamics 365 Online/SaaS versions are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or install malware through drive-by downloads.

🟠

Likely Case

Session hijacking leading to unauthorized access to business data, phishing attacks against legitimate users, or defacement of Dynamics 365 interfaces.

🟢

If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity but require user interaction or specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the security update from Microsoft's October 2023 Patch Tuesday or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36410

Restart Required: Yes

Instructions:

1. Download the security update from the Microsoft Update Catalog.
2. Apply the update to all affected Dynamics 365 on-premises servers.
3. Restart the servers as required.
4. Test functionality after patching.

🔧 Temporary Workarounds

Implement Content Security Policy

all

Add Content Security Policy headers to restrict script execution sources

Input Validation and Output Encoding

all

Implement strict input validation and proper output encoding in custom Dynamics 365 components

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Restrict access to Dynamics 365 to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check Dynamics 365 version against Microsoft's security update guide; test for XSS vulnerabilities using security scanners

Check Version:

Check Dynamics 365 version through the application interface or server installation logs

Verify Fix Applied:

Verify the security update is installed via Windows Update history or version check; test XSS payloads no longer execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in URL parameters
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing suspicious script patterns
  • Unexpected redirects from Dynamics 365 pages

SIEM Query:

source="web_server" AND (url="*<script>*" OR url="*javascript:*") AND dest="dynamics_server"
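The query above is only a string match on the raw request line. The following added example (not part of the original advisory, and not Microsoft code) applies the same two patterns to constructed Combined Log Format web-server lines, and goes one step beyond the query by also checking a percent-decoded copy of the URL, so that an encoded `%3Cscript%3E` variant is not missed; it matches on `<script` rather than `<script>` so that `<script src=...>` is covered too. The log lines, hosts and paths are made up for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample web-server log lines (Combined Log Format); not real Dynamics 365 traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:12:00:01 +0000] "GET /main.aspx?etn=account&id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:12:00:02 +0000] "GET /main.aspx?etn=<script>alert(1)</script> HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:12:00:03 +0000] "GET /main.aspx?etn=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:12:00:04 +0000] "GET /main.aspx?url=javascript:alert(1) HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Oct/2023:12:00:05 +0000] "GET /_static/app.js HTTP/1.1" 200 88000 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: source host, timestamp, method, URL, status.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# The two indicators from the SIEM query; "<script" also catches "<script src=...>".
PATTERNS = ("<script", "javascript:")


def is_suspicious(url: str) -> bool:
    """True if the request URL matches one of the XSS indicators.

    The raw URL is checked first (the literal SIEM query), then a
    percent-decoded copy so %3Cscript%3E is caught, then a twice-decoded
    copy so a double-encoded payload does not slip past the match.
    """
    candidates = (url, unquote(url), unquote(unquote(url)))
    return any(p in c.lower() for c in candidates for p in PATTERNS)


def scan_log(text: str) -> list[dict]:
    """Return one record per log line whose URL matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and is_suspicious(m["url"]):
            hits.append({"src": m["src"], "ts": m["ts"], "url": m["url"], "status": m["status"]})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h["ts"], h["src"], h["status"], h["url"])
```

Repeated hits from one source host, as in the sample, are the "multiple failed XSS attempts" indicator listed above; a single decoded match is worth an alert on its own.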
