SSL v3.0 & Microsoft Dynamics


 

 

The SSL 3.0 vulnerability referenced in the Security Advisory 3009008 , also known as “Poodle”, has received a significant amount of attention. While the discovered issue is specific to SSL 3.0, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Dynamics online services. 

Microsoft Dynamics Online Services Status

Microsoft Dynamics has completed some of our services and is in the process of remediating the following online services for the SSL 3.0 vulnerability.

Service

SSL v3.0 Mitigation Status

 

Microsoft Dynamics CRM Online

7-Dec

Microsoft Dynamics Marketing

7-Dec

Microsoft Social Listening

Completed

Parature for Microsoft Dynamics

Completed

Microsoft Dynamics Lifecycle Services

7-Dec

Online Services for Microsoft Dynamics

7-Dec

Recommended Client Side Remediation

It is also highly recommended that you update your browser to disable SSL 3.0 and leverage TLS.  Please follow the provided links for more information on how to mitigate within the following browsers

Note      In addition to securing your client side browsers, we also recommend that all customers who are using a mobile platform and may be vulnerable, follow the guidance from their mobile operating system provider. 

Additional Information

The following resources provide guidance for customers and administrators to ensure clients are utilizing TLS 1.0 or higher and to disable SSL 3.0 proactively.

  • You, as an individual, can use the Fix it, which is available for all supported versions of IE, to disable SSL 3.0 in your browser and help ensure you are protected from this vulnerability.
  • For managed desktop environments, this TechNet article provides guidance on how to determine if your environment has users connecting via SSL 3.0. If any users are identified, Security Advisory 3009008 provides guidance on how to apply a group policy to update the settings.
  • If you are an Azure customer, also visit the Azure blog for more information.

We want to assure our customers that we take your data and systems’ security seriously and hope that you find this information helpful.

For general information about our approach to security, visit the Microsoft Dynamics CRM Trust Center.

Sincerely,

Microsoft Dynamics Service Engineering Team

Comments (3)

  1. Raza says:

    Hi, When I am trying to use system Diagnostics and running the setup, I receive an error " Specify the valid certificate to Authenticate Microsoft Dynamics Lifecycle Services System Diagnostic Services" I did some research and few folks are receiving this error, it used to work fine on my machine but now the new installer isn't installing. Is there any work around for this issue?

    I was able to fix it on windows 2007 but windows server 2012 and windows 8.1 still giving me this issue.

  2. Hi Raza,

    We're looking into this issue now. I'll have more information for you soon.

  3. Raza says:

    Thanks Jared,

    Just so that you know I have tried every solution possible especially the one " Put the cert in Trusted Root" so Please do try with windows 2012 -

    Appreciate it.

Skip to main content