Dynamics on-premises elevation of privilege vulnerability: August 13, 2019

Service Update 0.7 for Microsoft Dynamics CRM (on-premises) 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 0.7.

An elevation of privilege vulnerability exists in Microsoft Dynamics (on-premises) 9.0.
 
To learn more about the vulnerability, go to CVE-2019-1229.

To determine whether your organization had this update applied, check your Microsoft Dynamics CRM Online version number. Select the gear icon in the upper-right corner, and then select About.

Update information

Microsoft Dynamics 365 (on-premises) Update 0.7 is now available.

The following file is available for download from the Microsoft Download Center:

Download the Microsoft Dynamics 365 (online and on-premises) Update 0.7 package now.

Service Update 0.7 resolves the following issues:

Repaired functionality

The following list details issues that are resolved in this update:

• The Ribbon command bar does not display when you add a new SLA item.
• Target list items can't be added if the campaign owner is a team.
• The icon of a sitemap area can't be changed through the SiteMap Editor.
• On-premises installation fails when the default collation is changed.
• An SPN workaround that addressed issues that affected PowerShell commands stopped working.
• The Help ("?") link in the upper-right corner of the Sales app in the Unified Interface does not work.
• The Close ("x") button that appears on pop-up windows does not work.

Error messages, exceptions, and failures 

The following list details issues that produce errors, unhandled exceptions, and system or component failures, and that are resolved in this update:

• When Turbo Forms is enabled, URLs that are created in JavaScript are not recognized when selected, and a 404 error occurs.
• An error occurs when you attach a small text file to an email message (Error: "Index and length must refer to a location within the string").
• An error occurs when you load the Quick Create form on an Opportunity product (Error: "Unable to get property '0' of undefined or null reference.)
• An SQL error occurs if Full Text Search is enabled.
• Custom entity fields are read-only in Web Client.
• Imports fail and return a "Directory Services COM" exception.
   

Return to Release List

Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

• Download Service Update 0.7 for Microsoft Dynamics CRM (on-premises) 9.0 

• Protect yourself online: Windows Security support
• Learn how we guard against cyber threats: Microsoft Security

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.