SSL v3.0 & Microsoft Dynamics

By 365blog

November 19, 2014

Content type
News and product updates

The SSL 3.0 vulnerability referenced in the Security Advisory 3009008 , also known as “Poodle”, has received a significant amount of attention. While the discovered issue is specific to SSL 3.0, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Dynamics online services.

Microsoft Dynamics Online Services Status

Microsoft Dynamics has completed some of our services and is in the process of remediating the following online services for the SSL 3.0 vulnerability.

Service	SSL v3.0 Mitigation Status
Microsoft Dynamics CRM Online	7-Dec
Microsoft Dynamics Marketing	7-Dec
Microsoft Social Listening	Completed
Parature for Microsoft Dynamics	Completed
Microsoft Dynamics Lifecycle Services	7-Dec
Online Services for Microsoft Dynamics	7-Dec

Recommended Client Side Remediation

It is also highly recommended that you update your browser to disable SSL 3.0 and leverage TLS. Please follow the provided links for more information on how to mitigate within the following browsers

Internet Explorer: https://technet.microsoft.com/en-us/library/security/3009008.aspx
Firefox: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Chrome: http://dottech.org/166990/how-to-disable-ssl-3-0-support-in-chrome-tip/

Note In addition to securing your client side browsers, we also recommend that all customers who are using a mobile platform and may be vulnerable, follow the guidance from their mobile operating system provider.

Additional Information

The following resources provide guidance for customers and administrators to ensure clients are utilizing TLS 1.0 or higher and to disable SSL 3.0 proactively.

You, as an individual, can use the Fix it, which is available for all supported versions of IE, to disable SSL 3.0 in your browser and help ensure you are protected from this vulnerability.
For managed desktop environments, this TechNet article provides guidance on how to determine if your environment has users connecting via SSL 3.0. If any users are identified, Security Advisory 3009008 provides guidance on how to apply a group policy to update the settings.
If you are an Azure customer, also visit the Azure blog for more information.

We want to assure our customers that we take your data and systems’ security seriously and hope that you find this information helpful.

For general information about our approach to security, visit the Microsoft Dynamics CRM Trust Center.

Sincerely,

Microsoft Dynamics Service Engineering Team

365blog

See more articles from this author

PublishedNov 7

1 min read

Boost seller productivity with document summary by Copilot in Dynamics 365 Sales
PublishedOct 31

2 min read

The next chapter for the Schedule Board: Enhanced Usability and Performance
PublishedOct 31

5 min read

Microsoft named a Leader in the 2024 Gartner® Magic Quadrant™ for Sales Force Automation Platforms  
PublishedOct 30

3 min read

Migrate from Customer Service Hub to Customer Service workspace

SSL v3.0 & Microsoft Dynamics

Microsoft Dynamics Online Services Status

Recommended Client Side Remediation

Additional Information

Related posts

Get started with Dynamics 365

Microsoft Dynamics Online Services Status

Recommended Client Side Remediation

Additional Information

Related posts

Boost seller productivity with document summary by Copilot in Dynamics 365 Sales

The next chapter for the Schedule Board: Enhanced Usability and Performance

Microsoft named a Leader in the 2024 Gartner® Magic Quadrant™ for Sales Force Automation Platforms

Migrate from Customer Service Hub to Customer Service workspace

Microsoft named a Leader in the 2024 Gartner® Magic Quadrant™ for Sales Force Automation Platforms  