CVE-2024-35249: CWE-502: Deserialization of Untrusted Data in Microsoft Dynamics 365 Business Central 2024 Release Wave 1
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
AI Analysis
Technical Summary
CVE-2024-35249 is a critical vulnerability identified in Microsoft Dynamics 365 Business Central 2024 Release Wave 1 (version 24.0). The root cause is improper handling of deserialization of untrusted data (CWE-502), which can lead to remote code execution (RCE). Deserialization vulnerabilities occur when an application deserializes data from untrusted sources without sufficient validation, enabling attackers to craft malicious payloads that execute arbitrary code during the deserialization process. This vulnerability allows an attacker with low privileges (PR:L) to remotely execute code without requiring user interaction (UI:N), which significantly widens the attack surface. The CVSS 3.1 vector specifies a network attack vector (AV:N), low attack complexity (AC:L), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are currently known, the vulnerability is rated high severity due to the potential for complete system compromise. Microsoft Dynamics 365 Business Central is a widely used ERP system in enterprises, managing critical business processes and sensitive data, which makes this vulnerability particularly dangerous. The lack of available patches at the time of publication necessitates immediate risk mitigation through access controls and monitoring. The vulnerability was reserved in mid-May 2024 and published in June 2024, indicating recent discovery and disclosure.
Potential Impact
European organizations using Microsoft Dynamics 365 Business Central 2024 Release Wave 1 face significant risks from this vulnerability. Successful exploitation could lead to full system compromise, allowing attackers to access sensitive financial and operational data, disrupt business processes, and potentially deploy ransomware or other malware. The high impact on confidentiality, integrity, and availability means that data breaches, data manipulation, and service outages are plausible outcomes. Given the critical role of ERP systems in business continuity, exploitation could cause severe financial losses, reputational damage, and regulatory penalties under GDPR. The remote code execution capability without user interaction and low privilege requirements increase the likelihood of automated or targeted attacks. Organizations in sectors such as finance, manufacturing, retail, and public administration, which heavily rely on Dynamics 365, are particularly vulnerable. The absence of known exploits provides a window for proactive defense, but also means attackers may develop exploits soon after disclosure.
Mitigation Recommendations
1. Monitor Microsoft’s official channels closely and apply security patches immediately upon release to remediate the vulnerability.
2. Until patches are available, restrict network access to the Dynamics 365 Business Central service using firewalls and network segmentation, limiting exposure to trusted internal networks only.
3. Implement strict access controls and enforce least privilege principles to minimize the number of users with permissions that could be leveraged for exploitation.
4. Enable and review detailed logging and monitoring for unusual deserialization activities or unexpected code execution patterns within the application environment.
5. Conduct regular security assessments and penetration testing focused on deserialization and input validation weaknesses.
6. Employ Web Application Firewalls (WAFs) with custom rules to detect and block malicious serialized payloads targeting the application.
7. Educate IT and security teams about the nature of deserialization vulnerabilities and signs of exploitation to improve incident response readiness.
8. Consider deploying runtime application self-protection (RASP) solutions that can detect and prevent exploitation attempts in real time.
9. Review and harden configuration settings of Dynamics 365 Business Central to disable or limit features that process serialized data from untrusted sources.
10. Maintain an incident response plan tailored to ERP system compromises, including containment, eradication, and recovery procedures.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2024-05-14T20:14:47.410Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aec140
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 12/17/2025, 11:42:45 PM
Last updated: 1/17/2026, 2:00:35 PM