CVE-2020-17018 : Security Advisory and Response

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability was published on November 10, 2020, with a CVSS base score of 5.4.

Understanding CVE-2020-17018

This CVE involves a Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises).

What is CVE-2020-17018?

CVE-2020-17018 is a Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises).

The Impact of CVE-2020-17018

The vulnerability is classified as having a medium severity impact, potentially leading to spoofing attacks.

Technical Details of CVE-2020-17018

This section provides technical details of the vulnerability.

Vulnerability Description

The vulnerability allows attackers to execute malicious scripts in the context of a user's session on the affected system.

Affected Systems and Versions

Affected versions include Microsoft Dynamics 365 (on-premises) version 8.2 and version 9.0.0.
Platforms affected are listed as 'Unknown'.

Exploitation Mechanism

Attackers can exploit this vulnerability by injecting malicious scripts into input fields or URLs, which are then executed within a user's browser session.

Mitigation and Prevention

Protecting systems from CVE-2020-17018 is crucial.

Immediate Steps to Take

Apply security patches provided by Microsoft promptly.
Implement input validation mechanisms to sanitize user inputs and prevent script injection.
Educate users about the risks of clicking on suspicious links or downloading files from untrusted sources.

Long-Term Security Practices

Regularly update and patch software to address known vulnerabilities.
Conduct security assessments and penetration testing to identify and remediate potential security weaknesses.

Patching and Updates

Stay informed about security advisories and updates from Microsoft to apply patches as soon as they are released.