Microsoft Dynamics CRM Hotfix for Microsoft Security Advisory 2416728

Article ID: 2421203 - View products that this article applies to.
Notice
Prerequisites to install the software update:

Microsoft Dynamics CRM 3.0 Server Update Rollup 3

Microsoft Dynamics CRM 3.0 Server (Japanese and Chinese) Update Rollup 2

Microsoft Dynamics CRM 3.0 Service Provider Edition Server Update Rollup 2

Microsoft Dynamics CRM 4.0 Server Update Rollup 13

Microsoft Dynamics CRM 2011 Server
Expand all | Collapse all

SYMPTOMS

A vulnerability has been identified in ASP.NET that affects the following version of Microsoft Dynamics CRM:

Microsoft Dynamics CRM 3.0

Microsoft Dynamics CRM 3.0 CHS (Chinese - PRC) and JPN (Japanese - Japan)

Microsoft Dynamics CRM 3.0 SPE (Service Provider Edition)

Microsoft Dynamics CRM 4.0

Microsoft Dynamics CRM 2011 Beta

This vulnerability is discussed in Microsoft Security Advisory (2416728

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

RESOLUTION

In order to address the ASP.NET Security Advisory (2416728), install the ASP.NET patches from here. The patch may ask you to restart your box.

Microsoft Dynamics CRM had released hot fixes to be applied around ASP.NET workarounds for Microsoft Security Advisory 2416728. Those updates no longer apply and have been removed from the Microsoft download center. 

NOTE: If you have previously applied the security hotfix released by Dynamics CRM for security advisory 2416728, then you will need to follow the steps mentioned below. 

How to check if Dynamics CRM hotfix is installed?

Connect to your CRM server as local administrator. Click on Start, click Control Panel and then click Program and Features. Click View Installed Updates in the left navigation bar and check if a patch beginning with CRMv4.0-KB2421203 is installed.  

Steps to remove the Dynamic CRM hotfix:

Step 1: In order to address the ASP.NET Security Advisory (2416728), install the ASP.NET patches from here. The patch may ask you to restart your box.

Step 2: Uninstall the Dynamic CRM patches. To do so, connect to your CRM server as local administrator. Click on Start, click Control Panel and then click Program and Features. Click View Installed Updates in the left navigation bar. Select the patches with the name beginning with CRMv4.0-KB2421203 and click Uninstall.

Step 3: Restart your server.

Step 4: Navigate to the webroot folder of your CRM application:
 <drive:>\inetpub\wwwroot\web.config. 

Search for customErrors node. If you find the following line, remove this line from web.config and save the file:

<customErrors mode=”On” defaultRedirect=”~/error2.aspx”>

Step 5: Navigate to help folder under the webroot folder of your CRM application:

 <drive:>\inetpub\wwwroot\help\web.config and repeat Step 4.

Step 6: Verify that there is no error2.aspx existing under the following locations:

<drive:>\inetpub\wwwroot\

 or  <drive:>\inetpub\wwwroot\help\

MORE INFORMATION

The update released along with Security Update for Microsoft Dynamics CRM (KB 2421203) were hotfixes over and above the ASP.NET workaround. Ensure to remove the Dynamics CRM hotfix after the ASP.NET patch is applied. Dynamics CRM hotfix (2421203) is not intended as a permanent fix.


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2421203 - Last Review: January 20, 2012 - Revision: 3.2
APPLIES TO
  • Microsoft Dynamics CRM 4.0
  • Microsoft Dynamics CRM 3.0
  • Microsoft Dynamics CRM 3.0 Professional Edition for Service Providers
  • Microsoft Dynamics CRM 4.0 Workgroup
  • Microsoft Dynamics CRM 2011
Keywords: 
kbautohotfix kbqfe kbhotfixserver kbfix KB2421203

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com