Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Summary

A cross-site scripting vulnerability exists when Microsoft Dynamics NAV 2013 R2 doesn't properly sanitize specially crafted web requests on an affected Dynamics NAV Web client. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics NAV Web client. See CVE-2018-8651 for more information.

Deployment information

This update is based on the latest Cumulative Update of Dynamics NAV 2013 R2 (CU 51, build 49751). Therefore, you must deploy that update before this one.

The update package contains the Dynamics NAV Web client, which should be deployed by copying the provided files into the Dynamics NAV Web Site folder.

How to download the update package

You can get the update package through the Microsoft Download Center.

How to deploy the update package

  1. Download the update package. It contains a folder named "WEB CLIENT".

  2. Locate the folder where you installed the Dynamics NAV Web client (usually, it is located within the C:\inetpub\wwwroot\<InstanceName>\WebClient folder)

    1. Open the Internet Information Services (IIS) Manager.

    2. Select Sites > Default Web Site > Microsoft Dynamics NAV 2013 R2 Web Client > DynamicsNAV71.

    3. Right-click the DynamicsNAV71 folder site and select Explore.

    4. Open the WebClient folder.

  3. Stop the Internet Information Server that's running the Web client.

  4. Copy the context of the WEB CLIENT folder that you downloaded in step 1 and paste it over the WebClient folder that you opened in step d of step 2.

  5. Start the Internet Information Server again.

    The update package is deployed.

More Information

When you start the Dynamics NAV Web client, you receive a warning that states that the server and the client are not the same version. This is expected because a new version of the Dynamics NAV Web client. To prevent this warning from appearing for the Web client users, you can disable the warning in the server configure file. To do this, follow these steps:

  1. Open the Microsoft Dynamics NAV 2013 R2 Administration (management console snap-in).

  2. From the console root, locate and expand Microsoft Dynamics NAV > DynamicsNAV71 <Server Instance Name>.

  3. The first setting under the general fast tab is called "build restriction," and its default setting is WarnClient. Set it to AlwaysConnect.

  4. Select the Edit button, and then change the value.

  5. Select the Save button, and then select OK when you are prompted, "The new settings value will not take effect until you stop and restart the service."

  6. Restart the server as follows:

    1. Select Console root > Microsoft Dynamics NAV in the right site of the Management console.

    2. Select the Service (DynamicsNAV71) in the middle area of the console.

    3. When you select the right side of the console, an option to restart the server will be displayed. Select OK, and the server will be restarted.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×