Description of the security update for the security feature bypass vulnerability in Microsoft Dynamics 365 (on-premises) version 9.0: May 14, 2019

Applies to: Dynamics 365


Service Update 0.4 for Microsoft Dynamics CRM (on-premises) 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 0.4.


A security feature bypass vulnerability exists in Dynamics On Premise.

To learn more about the vulnerability, go to CVE-2019-1008. To learn more about the vulnerabilities, go to the Security Update Guide.


Update package Version number
Service Update 0.4 for Microsoft Dynamics CRM (on-premises) 9.0

To determine whether your organization had this update applied, check your Microsoft Dynamics CRM Online version number. Click the gear icon in the upper-right corner, and then click About.

Update information

Microsoft Dynamics 365 (on-premises) Update 0.4 is now available.

The following file is available for download from the Microsoft Download Center:

Download the Microsoft Dynamics 365 (online and on-premises) Update 0.4 package now.

Service Update 0.4 resolves the following issues:

Unexpected Behavior

The following list details issues whose resolutions correct actions performed in Dynamics that do not work as intended.

  • Grey filled panels created layout trashing when a subgrid was present.

Repaired Functionality

The following list details issues whose resolutions repair items in Dynamics that are not functioning.

  • Attachment filenames were not correctly encoded/decoded when they contained unicode characters.
  • Unified Client did not load when it was accessed through an Internet-facing deployment (IFD) intranet URL.
  • Custom entity forms were not loading.
  • On-prem installations failed when the default collation was changed.
  • Downloaded attachments could not be opened.
  • Action execution deadlocks occurred when creating a record on an entity with an associated business process flow.
  • Quick find searches returend inaccurate results when full-text search was enabled.
  • A software development kit's performance detracted from a qualify lead's performance.

Error Messages, Exceptions, and Failures 

The following list details issues whose resolutions correct actions that produce errors, unhandled exceptions, or system or component failures.

  • An error occurred when loading workflows.
  • Exchange Solution Reviewed Program (ESRP) storage signing failed when some files' file path limits were exceeded.

Return to Release List

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

Information about protection and security

File information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.