Andrey Maykov

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics AX versions 4.0 SP2, 2009 SP1, 2012, and 2012 R2 **Description** The issue is related to the improper handling of specially crafted messages in the AOS format, leading to a denial of service (instance outage). This can be caused by remote authenticated users sending crafted data to an Application Object Server (AOS) instance. **Recommendations** For Microsoft Dynamics AX versions 4.0 SP2, 2009 SP1, 2012, and 2012 R2, consider restricting access to the AOS instance to minimize the risk of exploitation. As a temporary workaround, consider implementing additional validation for incoming data to the AOS instance until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.