A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victimβs server.
To exploit the vulnerability, an authenticated attacker needs to convince the victim into connect to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution.
The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victimβs server.