Cookie Policy. Next Ventures Ltd uses cookies to make your website experience better. OK

Dynamics CRM 2013 SP1 security vulnerability sparks 'all hands on deck' response from Microsoft

Published on 9 January in Next Ventures

A "DOM-based self-XSS vulnerability" for Microsoft Dynamics CRM 2013 SP1 was recently discovered by IT security firm High-Tech Bridge. If exploited, it could be used for cross-site scripting (XSS) attacks against authenticated Dynamics CRM users.

Microsoft responded to the security firm's report by stating that it "does not consider self-XSS issues to be security vulnerabilities," based on standard policies. But a source tells that behind the scenes Microsoft has treated this discovery as an "all hands on deck" issue. They are actively working on a fix for the vulnerability that will be added to an upcoming release or update.


Next Ventures provides its clients with the very best Enterprise Technology resources on a global basis. SAP, Oracle, Microsoft, SAS, Cisco, EMC and IBM.

Discover more
Newsletter signup