Looking for PowerObjects? Don’t worry, you’re in the right place! We’ve been part of HCL for several years, and we’ve now taken the final step in our acquisition journey: moving our website to the HCL domain. Nothing else is changing – we are still fanatically focused on Microsoft Business Applications!

PowerObjects Blog 

for Microsoft Business Applications


Asp.net vulnerability affects Dynamics CRM 4.0

Post Author: Joe D365 |

Recently there has been a lot of discussion around a new vulnerability in the way asp.net handles errors. The details are here:

https://www.microsoft.com/technet/security/advisory/2416728.mspx

Microsoft is still working on a patch, but there are ways to immediately mitigate the risks. For dynamics CRM 4, Microsoft has released a temporary update:

http://support.microsoft.com/default.aspx?kbid=2421203

In addition, we advise you to monitor your application logs for a message similar to this:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/11/1111 11:11:11 AM

Application information:
Application domain: c1db5830-1-129291000036654651

    Application Virtual Path: /
Exception information:
    Exception type: CryptographicException

    Exception message: Padding is invalid and cannot be removed.

If you see the above, this means that someone or some automated scanning tool is trying to exploit this vulnerability.

 

Joe CRM
By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

PowerObjects Recommends