Were  vulnerabilities in CRM 4.0 corrected in CRM 2011

apollo7 used Ask the Experts™
CRM 4, CRM 2011 upgrade

We are doing a CRM 4.0 to CRM 2011 upgrade.  I have been asked if certain vulnerabilities are addressed in CRM 2011 (that were present in CRM 4.0)

Specifically, vulnerabilities are reported in the .ASPX files. It exposes version information from IIS, .ASP NET etc.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Exec Consultant
Distinguished Expert 2018
All the CRM Update and Hotfixes for versions 3.0 – 2016 can be found in the link below.


The two are difference and the concern if that issue is still in latest 2011. You should have addressed it by having the latest update and fixes after setting up 2011.

The past error leak was also resolved and note the one affected is both v4 and 2011 beta, not the final 2011 release.


Nonetheless, you should also be wary that 2011 is already end of life and you should plan for the later platform ..
Chinmay PatelChief Technology Ninja
Distinguished Expert 2018

Hi apollo7,

There were some other security issues introduced by Download FetchXML (Advanced Find), it is not documented but has come up in some of the security reviews. I was able to bypass it by using unsupported methods (this was 7 or 8 years back - Unsupported was the only way to move forward).

Apart from that, Dynamics CRM / Dynamics 365 CE team itself maintains a list of all possible URs and Updates here: https://blogs.msdn.microsoft.com/crminthefield/2013/07/11/microsoft-dynamics-crm-2015-2013-and-2011-update-rollups-and-service-packs-release-dates-build-numbers-and-collateral/



Thanks for the answerw

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial