CVE-2024-35248
📋 TL;DR
This vulnerability in Microsoft Dynamics 365 Business Central allows authenticated attackers to elevate their privileges within the application. It affects organizations using on-premises deployments of Dynamics 365 Business Central. Attackers could gain unauthorized access to sensitive data or administrative functions.
💻 Affected Systems
- Microsoft Dynamics 365 Business Central
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains full administrative control over the Dynamics 365 Business Central instance, allowing them to access all business data, modify financial records, and potentially pivot to other systems.
Likely Case
An authenticated user with limited permissions escalates to higher privileges, accessing sensitive business data they shouldn't have access to, potentially leading to data theft or unauthorized transactions.
If Mitigated
With proper network segmentation, least privilege access controls, and monitoring, impact is limited to the Dynamics 365 Business Central instance with no lateral movement.
🎯 Exploit Status
Requires authenticated access to the Dynamics 365 Business Central application. No public exploit code has been observed as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: May 2024 cumulative update for Dynamics 365 Business Central on-premises
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248
Restart Required: Yes
Instructions:
1. Download the May 2024 cumulative update from Microsoft.
2. Apply the update to all Dynamics 365 Business Central on-premises servers.
3. Restart the application services.
4. Test business processes after patching.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to Dynamics 365 Business Central servers to only authorized users and systems.
Least Privilege Access
Review and minimize user permissions within Dynamics 365 Business Central to limit potential damage from privilege escalation.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Dynamics 365 Business Central servers
- Enable detailed audit logging for all user activities and privilege changes within the application
🔍 How to Verify
Check if Vulnerable:
Check your Dynamics 365 Business Central version. If it's an on-premises deployment prior to the May 2024 update, you are vulnerable.
Check Version:
Check the application version in the Dynamics 365 Business Central administration console, or review the installed updates on the Windows Server host.
Verify Fix Applied:
Verify that the May 2024 cumulative update is installed and the application version reflects the patched release.
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- User accounts accessing functions beyond their normal permissions
- Administrative actions from non-admin users
Network Indicators:
- Unusual authentication patterns to Dynamics 365 Business Central servers
- Traffic from unexpected sources to application ports
SIEM Query:
source="Dynamics365" AND (event_type="privilege_escalation" OR user_permission_change="true")
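The log indicators and SIEM query above, applied in code to constructed sample records, as an added example that is not part of this advisory; the field names (source, event_type, user_permission_change, user, role, action) and the set of administrative actions are assumptions, since real Business Central audit exports will use different schemas.

```python
# Added example, not from the advisory: applies its log indicators to
# constructed Business Central-style audit records. Field names (source,
# event_type, user_permission_change, user, role, action) are assumptions
# mirroring the SIEM query above; real exports will differ.
from typing import Dict, List

Event = Dict[str, str]
# Actions treated as administrative (assumption for the example).
ADMIN_ACTIONS = {"assign_permission_set", "create_user", "modify_permission_set"}

# Constructed sample events, not real log data.
SAMPLE_EVENTS: List[Event] = [
    {"source": "Dynamics365", "event_type": "login", "user": "alice",
     "role": "accountant", "action": "open_ledger", "user_permission_change": "false"},
    {"source": "Dynamics365", "event_type": "privilege_escalation", "user": "bob",
     "role": "clerk", "action": "assign_permission_set", "user_permission_change": "true"},
    {"source": "Dynamics365", "event_type": "admin_action", "user": "carol",
     "role": "clerk", "action": "create_user", "user_permission_change": "false"},
    {"source": "Dynamics365", "event_type": "admin_action", "user": "dave",
     "role": "admin", "action": "create_user", "user_permission_change": "false"},
    {"source": "Exchange", "event_type": "privilege_escalation", "user": "erin",
     "role": "clerk", "action": "assign_permission_set", "user_permission_change": "true"},
]

def matches_siem_query(event: Event) -> bool:
    """Same logic as the advisory's SIEM query: Dynamics365 source AND
    (privilege_escalation event OR a permission change)."""
    return event.get("source") == "Dynamics365" and (
        event.get("event_type") == "privilege_escalation"
        or event.get("user_permission_change") == "true"
    )

def is_admin_action_by_non_admin(event: Event) -> bool:
    """Indicator 'administrative actions from non-admin users'."""
    return (
        event.get("source") == "Dynamics365"
        and event.get("action") in ADMIN_ACTIONS
        and event.get("role") != "admin"
    )

def flag_events(events: List[Event]) -> List[Dict[str, str]]:
    """One finding per suspicious event, tagged with every matching reason."""
    checks = (("siem_query", matches_siem_query),
              ("admin_action_by_non_admin", is_admin_action_by_non_admin))
    findings = []
    for ev in events:
        reasons = [name for name, check in checks if check(ev)]
        if reasons:
            findings.append({"user": ev["user"], "reasons": ",".join(reasons)})
    return findings
```

Only the two clerk accounts are flagged: the legitimate admin's create_user and the non-Business-Central event from Exchange are left alone, which is the split between indicator coverage and noise a detection engineer would want to check before deploying the query.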