Lucene search
MicrosoftKB5029765HistoryAug 08, 2023 - 7:00 a.m.
Update 22.4 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 1 (Application Build 22.4.59535, Platform Build 22.0.59520)
2023-08-0807:00:00
Microsoft
support.microsoft.com
9
microsoft dynamics 365
business central
security
vulnerability
hotfix
update
elevation of privilege
problem resolutions
compatibility
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.2%
Update 22.4 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 1 (Application Build 22.4.59535, Platform Build 22.0.59520)
Overview
This update replaces previously released updates. You should always install the latest update. This update also fixes an elevation of privilege vulnerability. For more information, see CVE-2023-38167.After you install this hotfix, you might have to update your license to gain access to new objects that are included in this or a previous update. (This applies only to customer licenses.)For a list of updates that were released for Microsoft Dynamics 365 Business Central 2023 Release Wave 1, see released updates for Microsoft Dynamics 365 Business Central 2023 Release Wave 1. Updates are intended for new and existing customers who are running Microsoft Dynamics Released Updates for Microsoft Dynamics 365 Business Central 2023 Release Wave 1.ImportantWe recommend that you contact your Microsoft Dynamics Partner before you install hotfixes or updates. It is important to verify that your environment is compatible with the hotfixes or updates that will be installed. A hotfix or update may cause interoperability issues with customizations and third-party products that work together with your Microsoft Dynamics 365 Business Central solution.
Problems that are resolved in this update
| The following problems are resolved in this update.Platform hotfixesID | Title |
|---|---|
| 475138 | Fix the issue that blocks web-services on a node. |
| 474864 | The Report Local language settings in AL triggers are not updated when running from the request page. |
| 474604 | Limit the number of data logged to telemetry. |
| 474575 | Multiline text cells are displayed as single line text cells in a list. |
| 474338 | Including blobs in table extensions can cause field update failures when using the web client. |
| 474304 | Entering Language or Format Region on the request page does not overwrite the report. |
| 474127 | Prevent the Chromium beforeunload bug. |
| 472566 | Validating a RDLC layout fails with an error when it contains an expression in that layout which contains line breaks. |
| 470392 | The event log file shows the validation of the Microsoft.Dynamics.Nav.Runtime.NavAuthenticationHandlerFactory setup for the ClientApplicationInfo. |
| 475199 | Issue when customizing pages with Enum used as a global variable in the SourceExpr property. |
| 477432 | Improve the memory allocated during server startup. |
| 478287 | Improve the allocation of threads reserved for web service endpoints. |
| 478507 | Update the inherited user permissions when there are changes in the Azure AD group membership. |
| 469907 | When using the GETURL API with the clienttype parameter, incorrect URL primary keys or OData keys are generated, and no URL is generated when declared with UseFilters function. |
| Application hotfixesID | Title |
| — | — |
| 475242 | “Request Sent for Approval” and “Request to Approve” fields are not updated as expected in the Company Hub. |
| 474653 | The filter for the Bank Account Ledger Entries of the Bank Acc. Reconciliation page is not updated when changing the Bank Acc. Rec. to the next one by using the arrows. |
| 475205 | “The bank account reconciliation does not exist” error message when trying to import a bank statement file for a new Bank Acc. Reconciliation entry created with the Statement Type setting to blank. |
| 478136 | The Document No. in Bank Deposit line is incorrectly removed when changing the Account Type in the lines. |
| 470252 | The error message isn’t displayed when posting Deferrals for a Document No. that already exists. |
| 473172 | Date format error on the Income Statement when changing regional settings with a different date format. |
| 473910 | The budgeted fixed asset is incorrect in the Cash Flow Forecast. |
| 474109 | Unable to release Purchase Orders due to the JIT load problem from SetLoadFields. |
| 474407 | A blocking error occurs when trying to cancel an issued reminder that contains lines with interest amount. |
| 474514 | “An error occurred and the transaction is stopped. Contact your administrator or partner for further assistance.” error message when dealing with the VAT Registration Number. |
| 475512 | The Non-Deductible VAT field is missing in the Purchase Line Archive table. |
| 475515 | The G/L Entries and VAT Entries are incorrect when using a different Non-Deductible VAT percentage with the same VAT Identifier. |
| 475519 | The G/L Entries and VAT Entries are incorrect when using the “Adjust VAT for Paym. Discount” option for invoices which are posted with Non-Deductible VAT. |
| 475531 | The VAT Identifier field is not wide enough on the purchase credit memo. |
| 475533 | The G/L Entries and VAT Entries are missing when using the Adjust VAT for Payment Discount functionality for Reverse Charge Purchase Invoices which are posted with Non-Deductible VAT. |
| 475879 | In a scenario involving foreign currency and deferrals, the Non-Deductible VAT Amount is not deferred in G/L Entries. |
| 476513 | Unable to change the settings for a Sales Prepayment General Ledger Account if Purchase Prepayment invoices are registered. |
| 476793 | The Balance is incorrect in the Financial Reports if the Statistical Accounts are filtered by Dimensions. |
| 477388 | The formatting is incorrect on Issued Reminders and Issued Financial Charge Memos (RDLC). |
| 477421 | The data check function does not refresh errors when a filter is applied. |
| 477652 | The “Invoice Discount %” field is incorrect in documents. |
| 477630 | The Global Dimension No. doesn’t change on the Dimension Values. |
| 477903 | The exported Intrastat file contains lines outside the Type filter. |
| 478273 | Remove Subsidiary from the option values list of the Financial reporting option. |
| 478444 | “The VAT Setup does not exist” error message when a user opens a sales or purchase order. |
| 478448 | The Payment Method Code is blank and the Due Date for payment is not calculated correctly when posting the Vendor Ledger Entry via General journal with Standard General Journals. |
| 478110 | Some Non-Deductible VAT events are Internal instead of Integration. |
| 477634 | Allow the editing of dimension codes in the dimension value table to enable them to be inserted via a web service call. |
| 477075 | The Posted Sales Credit Memo is not linked with the Posted Sales Invoice (including the Cancelled/Corrective fields) if the Applies-to Doc. No. is cleared on a Sales Credit Memo. |
| 474139 | The IC Partner is not correctly assigned in the General Ledger Entries when posting an Intercompany Journal for a different IC Partner but with the same Document Number. |
| 473699 | Unable to use the Correct Posted Purchase Invoice option for too large “Amount to apply” value. |
| 470332 | “You cannot purchase this item because the Purchasing Blocked check box is selected on the item card” error message when trying to revalue a Unit Cost in the Revaluation Journal when the Purchasing Blocked option is enabled. |
| 473739 | The Item Ledger Entry Type in the posted Value Entry incorrectly shows as “Purchase” instead of “Sale”. |
| 474051 | “Dimension value missing” error message when trying to post an assembly order. |
| 474930 | The Zone Code is filtered on the Bin Content page. |
| 475010 | Issue with updating dimensions from item to the document lines when dealing with Inventory Shipments or Receipts. |
| 475183 | Some fields get overwritten unexpectedly in the Item Template. |
| 476452 | Unable to remove a Serial No. after it’s inserted to an item. |
| 476940 | The Lot No. is missing for the pick created and set as Pick According to FEFO. |
| 478418 | An error related to dimensions is displayed when posting an Assembly Order, even if the dimension value is specified in the header and lines. |
| 473641 | “New Location Code must have a value…” error message when using the Undo Shipment option on the Posted Transfer Shipment page. |
| 472909 | The Lot Number, Expiration Date and Warranty Date are not available for the Physical Inventory Journal after activating Item Tracking on Lines for Physical Inventory Batches. |
| 475028 | The client stops working when running Synchronizing Item Tracking. |
| 478131 | Issue when purchasing supply for Lot-for-Lot Items with Rescheduling Period set by the Calculate Regenerative Plan in the Planning Worksheet. |
| 478242 | It’s possible add and post more Over-Receipt Quantity than the tolerance of the original quantity. |
| 472434 | Job prices are copied although the Copy Job Prices parameter is set to False in the Copy Job action. |
| 474476 | The Recog. Profit G/L Amount field on the Job WIP page does not show the same amount as that on the Job Card. |
| 475861 | Unable to select lines when dealing with the Job Planning lines. |
| 468737 | The allocated capacity is incorrect when dealing with the Schedule Manually field. |
| 472808 | The Rolled-up Capacity Cost is incorrect in the BOM Cost Share Distribution report. |
| 475158 | “The given key was not present in the dictionary” error message when refreshing a Released Production Order with a Parallel Routing that has more than two Parallel Routing lines. |
| 476235 | The dimension on the component (which is inherited from the produced item) is missing in the production journal when there are dimensions on the location card. |
| 478987 | The Rolled-up Capacity Cost is incorrect in the BOM Cost Share Distribution report. |
| 476888 | The default Place Zone Code and Bin Code are not filled in a Directed Put-away and Pick Location even if the Default Bin Code is defined when using the Movement Worksheet to create a Movement for Production Output. |
| 468739 | The queue time value on the production order routing does not match the work center queue time value when the routing type is parallel. |
| 478474 | The component with variant is not updated correctly in the released production order. |
| 475571 | Inconsistency error when posting a G/L Journal with currency and Non-Deductible VAT. |
| 472816 | The shipping address is changed to the location address after changing a special order to a purchase order. |
| 474270 | “The requested operation is not supported. Page New - Purchase order - xxx -xxx - has to close” error message after changing the Pay-To Vendor on a Purchase Order and editing a line description. |
| 476029 | Unable to create a new Purchase Document from the Vendor Card for manual No. Series. |
| 476242 | Error occurs when updating the quantity on a purchase order with an Item Unit of Measure that has 5 decimal places and a partial receipt. |
| 474114 | The Purchase Order Line Location Code is inconsistent. |
| 477899 | “Error: The length of the string is xx, but it must be less than or equal to 20 characters. Value: ‘xxxxx-xxx (xx% VAT)’” error message in the Incoming Document Factbox when the Document No. contains a percent sign. |
| 469004 | The comment lines are duplicated in the Sales or Purchase Credit Memo that is created by the Corrective Credit Memo. |
| 471899 | The Product Discount Amount is not used when creating a Sales Order from the Shopify Order. |
| 473106 | Last used options and filters are not saved in the Batch Post Sales Orders report. |
| 473815 | Unable to add the Customer Posting Group through personalization on the Customer List after version 22.0. |
| 474301 | The content of a field ID is different in the Sales Header and the Sales Invoice causes error when trying to copy a document. |
| 474291 | Order statistics fails when the prepayment is active and invoice rounding is negative. |
| 474677 | The Discount Amount is not used when creating a Sales Order from the Shopify Order. |
| 475121 | The Allowed Values Filter is applied on the Customer Template instead of the new Customer Card after creating a new customer. |
| 476083 | When sending the Customer Statement by email for more than one customer, the process stops if one of the customers’ email is wrong. |
| 476828 | Data updates are prevented when activating the new pricing feature if the source line has a blank Item Number. |
| 468452 | Numerous Sales and Inventory Forecast Entries appear in Manual Setup. |
| 477941 | The Canceled status is incorrectly set to TRUE on a Posted Sales Invoice Header, even when a Partial Sales Credit Memo is manually created and posted for partial Sales Credit Memo posting. |
| 474641 | Sales Order Quantities are not changed back when using the Cancel function in the Sales Invoice if there is a workflow for the Credit Memo enabled. |
| 475359 | The Contract Group Code is not set in all of the Service Ledger Entries. |
| 473758 | Selected orders are missing in the filter on the Batch Post Service Orders request page. |
| 472664 | Unable to pick from or move a Place line of a put-away via reclass or movement after the line is changed into a “Receive” Bin Type. |
| 477719 | An error occurs in the Inventory Pick process when using Lot No. Specific and Warehouse Tracking. In this case, an incorrect Lot No. is used, and an oversold scenario creates a Reservation Entry that cannot be modified, leading to additional steps for correction. |
| 477629 | “Lot No. is changed on the Inventory Pick - Error: Qty. to Handle (Base) in the Item Tracking assigned to the document line for Item ## is currently xx. Must be xx” error message during the Inventory Pick process when using Lot No. Specific and Warehouse Tracking. |
| 478663 | The BIN Code is not pre-set when manually selecting a vendor in the requisition worksheet. |
| 476943 | Issue is generated for the validation of Warehouse Class Code even when the Location Code is set up with the Boolean disabling Check Warehouse Class. |
| 478582 | The Warehouse Shipment line is not updated correctly when undoing a shipment. |
| Local application hotfixes****APACID | Title |
| — | — |
| 476395 | When trying to use Access Intent ReadOnly with a custom report and a Temporary Customer record, an issue that deletes the temporary record triggers an attempt to delete persistent data in the APAC version. |
| 478562 | The Cost Plus % doesn’t work correctly when updated in the Item Card by using the old Pricing method in the APAC version. |
| AU - AustraliaID | Title |
| — | — |
| 473482 | The Line Discount % doesn’t work if the Assign-to Type is set as Sales Price Group in the Australian version. |
| CA - CanadaID | Title |
| — | — |
| 473758 | Selected orders are missing in the filter on the Batch Post Service Orders request page in the Canadian version. |
| CZ- CzechID | Title |
| — | — |
| 474767 | Error when creating a company with standard and evaluation in the Czech version. |
| 474818 | Unable to use the advance letter when an invoice is partially covered by the cashier in the Czech version. |
| 478585 | Pair payments to payments in the Czech version. |
| 478672 | Issue with the bank statement description after the validation of account type in the Payment Journal in the Czech version. |
| 477982 | The Apply Entries action on Payment Journal is disabled when the Account Type is set to “G/L Account” in the Czech version. |
| 473732 | The variable symbol is not automatically generated if the document is issued when dealing with Reminders or Finance Charge Memos in the Czech version. |
| 475038 | It’s possible to disable VAT Date even if there are already posted entries with a VAT Date in the Czech version. |
| 474731 | The W1 Registration No. field is used instead of CZ Registration No. in the Czech version. |
| 478557 | The populated advance payment is bound incorrectly in the Czech version. |
| 477057 | The system incorrectly filters the first row definition in alphabetical order when trying to print out a Financial Report in the Czech version. |
| 477069 | Data is saved on the report when running “Adjust Exchange Rates” in the Czech version. |
| 475055 | The default FA Posting Type in the purchase line is incorrect in the Czech version. |
| 476909 | The FA Posting Group in the FA Depreciation Book must be the same as the Default FA Posting Group in the FA Subclass specified on the FA card in the Czech version. |
| 477395 | Unable to delete the shipped and received transfer orders in the Czech version. |
| 475498 | The incorrect lines with reverse charge are suggested in the VAT Control report in the Czech version. |
| 479104 | Error when there’s a Reverse Charge in the Suggest VAT Control Report in the Czech version. |
| 478484 | Error when using automatic correction for VAT on advances in the Czech version. |
| ES - SpainID | Title |
| — | — |
| 477004 | “Factura Duplicada” error message on the SII History page if multiple users post documents around the same time in the Spanish version. |
| 478370 | The period tag in the SII XML file does not match the VAT Date in the FechaOperacion tag when the VAT date is used and is different from the Posting Date in the Spanish version. |
| 474929 | Typo in the error message "Check that the all the entries with the same Document No. and a VAT Bus. Posting Group … " in the Spanish version. |
| FI - FinlandID | Title |
| — | — |
| 472801 | “Posting Date outside range” error message when Deferrals and Auto Acc. Group are used in a sales document in the Finnish version. |
| FR - FranceID | Title |
| — | — |
| 469929 | The derogatory amount and the cumulative depreciation is incorrect when calculating the depreciation of a fixed asset in the French version. |
| IT - ItalyID | Title |
| — | — |
| 477440 | The Declaration of Intent Export is not corrected when the vendor is a custom authority in the Italian version. |
| 477991 | The element DatiOrdineAcquisto and IdDocumento cannot have more than 20 characters in the Electronic Invoice in the Italian version. |
| 475538 | The totals are incorrect on the Depreciation Book report when it’s reclassified in the Italian version. |
| 473877 | An incorrect line is generated in the payment journal for withholding tax if there’s no balance account in the first line in the Italian version. |
| 477024 | The element Indirizzo cannot have more than 60 characters in the Electronic Invoice in the Italian version. |
| 472250 | The VAT Exempt No. is truncated in the VAT Exemption Register report in the Italian version. |
| MX - MexicoID | Title |
| — | — |
| 475592 | The Amount value is incorrect for certain fields in the Electronical Invoice report in the Mexican version. |
| 474144 | “El valor del atributo no corresponde con el número de pesos mexicanos” error message when the unit price of a line without VAT is an unusual value. |
| 474200 | “Debe haber sólo un registro con la misma combinación de impuesto, factor y tasa” error message when stamping a payment complement for a sales order that has lines with a zero value in the “Qty. to Ship” field in the Mexican version. |
| US - United StatesID | Title |
| — | — |
| 478512 | IRS entries below the minimum reportable amount impact the IRS 1096 totals in the United States version. |
| 478437 | The payee information is incorrect in the exported Positive Pay file in the United States versio. |
| 473641 | “New Location Code must have a value…” error message when using the Undo Shipment option on the Posted Transfer Shipment page in the United States version. |
| 468452 | Numerous Sales and Inventory Forecast Entries appear in Manual Setup in the United States version. |
| 470283 | The Get Price function does not make any changes to the lines on the Sales Order when the lines subform is sorted by Unit Price Excl. Tax in the United States version. |
| 473758 | Selected orders are missing in the filter on the Batch Post Service Orders request page in the Canadian version in the United States version. |
| 476943 | Issue is generated for the validation of Warehouse Class Code even when the Location Code is set up with the Boolean disabling Check Warehouse Class in the United States version. |
| Regulatory featuresID | Title |
| — | — |
| 459983 | Issue with Audit File Export. |
| Local regulatory features****AU - AustraliaID | Title |
| — | — |
| 459983 | Issue with Audit File Export in the Australian version. |
| DK - DenmarkID | Title |
| — | — |
| 471287 | Issue when uploading a .csv file with accounting data to Regnskab Basis in the Danish version. |
| 459983 | Issue with Audit File Export in the Danish version. |
| IS - IcelandID | Title |
| — | — |
| 477417 | Regulatory update for Sales and Receivables Setup in the Icelandic version. |
| NO - NorwayID | Title |
| — | — |
| 459983 | Issue with Audit File Export in the Norwegian version. |
Resolution
How to obtain the Microsoft Dynamics 365 Business Central 2023 Release Wave 1 files
This update is available for manual download and installation from the Microsoft Download Center.Update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Which hotfix package to download
| This update has multiple hotfix packages. Select and download one of the following packages depending on the country version of your Microsoft Dynamics 365 Business Central 2023 database.Country | Hotfix package |
|---|---|
| AT - Austria | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 AT package |
| AU - Australia | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 AU package |
| BE - Belgium | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 BE package |
| CA - Canada | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 CA package |
| CH - Switzerland | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 CH package |
| CZ- Czechia | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 CZ package |
| DE - Germany | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 DE package |
| DK - Denmark | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 DK package |
| ES - Spain | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 ES package |
| FI - Finland | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 FI package |
| FR - France | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 FR package |
| GB - United Kingdom | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 UK package |
| IN - India | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 IN package |
| IS - Iceland | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 IS package |
| IT - Italy | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 IT package |
| MX - Mexico | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 MX package |
| NL - Netherlands | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 NL package |
| NO - Norway | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 NO package |
| NZ - New Zealand | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 NZ package |
| RU - Russia | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 RU package |
| SE - Sweden | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 SE package |
| US - United States | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 US package |
| All other countries | Download update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 W1 package |
How to install a Microsoft Dynamics 365 Business Central on-premises 2023 Release Wave 1 update
See How to install a Microsoft Dynamics 365 Business Central 2023 Release Wave 1 update.
Prerequisites
You must have Microsoft Dynamics 365 Business Central 2023 Release Wave 1 installed to apply this hotfix.
More information
See more information about software update terminology and Microsoft Dynamics 365 Business Central 2023 Release Wave 1.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the “Applies to” section.
Related
nessus
nessus
Security Updates for Microsoft Dynamics 365 Business Central (August 2023)
2023-08-15 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-38167
2023-08-08 18:15:22
mscve
mscve
Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
2023-08-08 07:00:00
cnvd
cnvd
Microsoft Dynamics Business Central Elevation of Privilege Vulnerability
2023-08-12 00:00:00
prion
prion
Privilege escalation
2023-08-08 18:15:00
cve
cve
CVE-2023-38167
2023-08-08 18:15:22
kaspersky
kaspersky
KLA51711 Multiple vulnerabilities in Microsoft Dynamics
2023-08-08 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2023
2023-08-08 21:11:35
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.2%
Related for KB5029765