=====================================================================
                            CERT-Renater
                Information Note No. 2014/VULN010
_____________________________________________________________________

DATE                 : 15/01/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Microsoft Dynamics AX version
                       4.0, 2009, 2012.

======================================================================
KB2880826
https://technet.microsoft.com/en-us/security/bulletin/ms14-004
______________________________________________________________________

Microsoft Security Bulletin MS14-004 - Important

Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service
(2880826)

Published Date: January 14, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves one privately reported vulnerability in
Microsoft Dynamics AX. The vulnerability could allow denial of service
if an authenticated attacker submits specially crafted data to an
affected Microsoft Dynamics AX Application Object Server (AOS) instance.
An attacker who successfully exploited this vulnerability could cause
the target AOS instance to stop responding to client requests.

This security update is rated Important for all supported editions of
Microsoft Dynamics AX 4.0, Microsoft Dynamics AX 2009, Microsoft
Dynamics AX 2012, and Microsoft Dynamics AX 2012 R2.

Affected Software

Microsoft Dynamics AX 4.0 Service Pack 2
Microsoft Dynamics AX 2009 Service Pack 1
Microsoft Dynamics AX 2012
Microsoft Dynamics AX 2012 R2

Vulnerability Information

Query Filter DoS Vulnerability - CVE-2014-0261

A denial of service vulnerability exists in Microsoft Dynamics AX that
could allow an attacker to cause an AOS instance to become unresponsive.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================