{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/dynamics-365/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-42898"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Dynamics 365 (on-premises)"],"_cs_severities":["critical"],"_cs_tags":["code injection","dynamics 365","cve-2026-42898","web application","execution"],"_cs_type":"threat","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-42898 is a critical code injection vulnerability affecting Microsoft Dynamics 365 (on-premises). This vulnerability allows an authorized attacker with network access to inject and execute arbitrary code on the affected system. The vulnerability stems from improper control of code generation within the Dynamics 365 application. Successful exploitation can lead to complete system compromise, data breaches, and unauthorized access to sensitive information. Defenders should prioritize patching and consider implementing detection measures to identify potential exploitation attempts. The vulnerability was published on 2026-05-12 and poses a significant threat to organizations using on-premises deployments of Dynamics 365.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authorized attacker gains network access to the Dynamics 365 (on-premises) environment.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the Dynamics 365 application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing injected code.\u003c/li\u003e\n\u003cli\u003eThe malicious request is sent to a vulnerable endpoint within the Dynamics 365 application.\u003c/li\u003e\n\u003cli\u003eThe application improperly processes the request, leading to code generation based on the attacker-controlled input.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed within the context of the Dynamics 365 application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the Dynamics 365 server.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their access to compromise other systems on the network or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-42898 allows an attacker to execute arbitrary code on the Microsoft Dynamics 365 (on-premises) server. This can lead to a complete compromise of the system, potentially affecting all data and processes managed by Dynamics 365. Impact includes data breaches, financial losses, and reputational damage. Given the widespread use of Dynamics 365 in managing customer relationships and business operations, a successful attack could have significant consequences for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch provided by Microsoft to address CVE-2026-42898 as soon as possible to prevent exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation attempts in real-time.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests to Dynamics 365 servers, specifically looking for patterns indicative of code injection (see Sigma rules).\u003c/li\u003e\n\u003cli\u003eReview user access controls within Dynamics 365 to ensure least privilege and limit the impact of potential compromises.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to filter out malicious requests targeting Dynamics 365.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:42:53Z","date_published":"2026-05-12T18:42:53Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dynamics365-code-injection/","summary":"CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows an authorized attacker to execute arbitrary code over a network.","title":"CVE-2026-42898: Microsoft Dynamics 365 (on-premises) Code Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-dynamics365-code-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-42833"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Dynamics 365 (on-premises)"],"_cs_severities":["critical"],"_cs_tags":["cve","remote code execution","dynamics 365"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-42833 is a critical vulnerability affecting Microsoft Dynamics 365 (on-premises). The vulnerability stems from a flaw in the software that permits execution with unnecessary privileges, potentially enabling a high-privileged authorized attacker to execute arbitrary code remotely over a network. Successful exploitation of this vulnerability would allow the attacker to perform unauthorized actions, potentially leading to complete system compromise, data theft, or denial of service. This vulnerability poses a significant risk to organizations utilizing the on-premises version of Dynamics 365, requiring immediate patching and mitigation measures.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authorized attacker gains high-privileged access to a Dynamics 365 (on-premises) instance. This could be achieved through compromised credentials or an insider threat.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the vulnerability (CVE-2026-42833), exploiting the flaw that allows execution with unnecessary privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to trigger the execution of arbitrary code within the Dynamics 365 server environment.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent over the network to the Dynamics 365 server, exploiting a network-accessible component.\u003c/li\u003e\n\u003cli\u003eThe Dynamics 365 server processes the request, unintentionally executing the attacker\u0026rsquo;s malicious code due to the privilege escalation vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code executes within the security context of the Dynamics 365 application, potentially gaining elevated privileges.\u003c/li\u003e\n\u003cli\u003eWith elevated privileges, the attacker can perform a variety of malicious actions, such as installing malware, exfiltrating sensitive data, or manipulating system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves the objective of remote code execution, leading to full control over the Dynamics 365 server and potential compromise of the entire network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-42833 can lead to complete compromise of the Microsoft Dynamics 365 (on-premises) server. An attacker can gain full control over the system, allowing them to steal sensitive data, install malware, disrupt business operations, and potentially pivot to other systems on the network. The vulnerability affects organizations that use the on-premises version of Dynamics 365.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security update released by Microsoft to address CVE-2026-42833 as detailed in the Microsoft Security Response Center advisory.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity indicative of exploitation attempts targeting Dynamics 365 servers, using network intrusion detection systems.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM and tune it to detect potential exploitation attempts of CVE-2026-42833 based on process creation events.\u003c/li\u003e\n\u003cli\u003eEnforce the principle of least privilege to limit the impact of compromised accounts as it restricts lateral movement and code execution.\u003c/li\u003e\n\u003cli\u003eReview and audit user permissions within Dynamics 365 to ensure that no users have unnecessary elevated privileges, reducing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:42:37Z","date_published":"2026-05-12T18:42:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dynamics365-rce/","summary":"CVE-2026-42833 is a critical vulnerability in Microsoft Dynamics 365 (on-premises) allowing an authorized attacker with high privileges to execute arbitrary code over the network due to execution with unnecessary privileges.","title":"CVE-2026-42833: Microsoft Dynamics 365 (on-premises) Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-dynamics365-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Dynamics 365","version":"https://jsonfeed.org/version/1.1"}