Threatcast

Dynamics 365 Is Already Burning

01 Cold Open: Cobalt Strike Is Already Landing (00:00)

Halil: Cobalt Strike beacons are already landing on Dynamics 365 On-Prem servers. Not theoretical. Not a researcher's proof of concept. Right now, in finance and manufacturing environments.

Halil: CVE-2026-42833. CVSS nine point eight. Unauthenticated remote code execution via deserialization in the legacy .NET message bus. Out-of-band patches dropped yesterday. The clock is already running.

Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.

Halil: Three threads today. First: the Dynamics kill chain, the lateral movement paths into AD and SQL, and what your team does in the next seventy-two hours. Second: it's Patch Tuesday — a hundred thirty-seven CVEs, and we need a weekend patching sequence before people leave on Friday. Third: the AI safety policy picture — Sofia and Arjun found a significant gap between what's being described as enforceable regulation and what's actually on the books.

Halil: And a quick note on Canvas — we've covered ShinyHunters and the ransom deadline extensively this week. The deadline passed with no confirmed data dump. Today's question is narrower: does that change your legal notification obligations? Sofia has a crisp answer, and it may not be what institutions are assuming.
02 Sponsor — Blue Cortex AI (01:39)

Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03 CVE-2026-42833: The Kill Chain (02:49)

Halil: Alex — deserialization root cause, kill chain, lateral movement paths. What are we actually dealing with?

Alex: So — this isn't your typical JSON deserialization bug. Dynamics 365 On-Prem runs on the old .NET Enterprise Services stack. I'm assessing this as BinaryFormatter deserialization in the message bus.

Alex: BinaryFormatter accepts fully qualified type names in the serialized stream. No validation. Attacker sends a crafted payload to the message queue endpoint — HTTP 80 or 443 — and gadget chains from assemblies already in the Global Assembly Cache do the rest.

Halil: Execution context?

Alex: SYSTEM on the Dynamics server. And then the pivot options are immediate. These servers are AD-integrated by design. The service account has domain credentials — Kerberoasting target, TrustedForDelegation misconfigs, the works.

James: And the SQL backend. Dynamics stores everything in SQL with high-privileged service accounts. In a lot of orgs, that's DBA rights, which means xp_cmdshell, which means domain admin. That path is ugly and fast.

Alex: Exactly. Finance and manufacturing targeting makes sense — legacy Dynamics deployments, weak segmentation between ERP and domain infrastructure. These aren't hardened environments.

Pierre: And the data sitting in those ERP systems — customer PII, pricing data, supplier contracts, financial records. This isn't just operational disruption. It's business email compromise fuel.

Halil: James, what's your process-tree tell on a compromised Dynamics server?

James: w3wp.exe — the IIS worker — spawning PowerShell, cmd, msbuild, or csc.exe. That .NET compilation chain is your tell. Also watch for w3wp.exe loading rundll32 or regsvr32 from HTTP or UNC paths. Classic Cobalt Strike staging.

Alex: Outbound 443 from Dynamics app pools to IPs outside your baseline. That's your beacon check-in. Behavioral is your edge right now — no novel CS indicators have surfaced yet.

James: Hunt first. Patch second. You need detection live before the patches finish deploying — that's your insurance if staging runs long.
04 Authentication Surface and Sector Targeting: What We Don't Know (05:27)

Halil: Alex, I need to press on one thing. The vendor says unauthenticated. But is the message queue endpoint actually exposed at the network layer in a typical Dynamics deployment?

Alex: Honest answer? I can't confirm that. Windows News states unauthenticated attackers can execute arbitrary code — no credentials, no AD auth cited as preconditions. That's the vendor characterization.

Alex: But I cannot tell you whether that endpoint is typically internet-facing or whether most deployments have it firewalled to internal nets only. That distinction is enormous.

James: Right, and that's actually the first question every team should be answering right now — before they even look at patch staging. Is that endpoint reachable from outside?

Halil: So if it's externally reachable on 80 or 443—

Alex: Pre-auth RCE from anywhere on the planet. If it only binds locally or to an internal subnet, you need a foothold first. Same vulnerability, very different exposure.

Pierre: Hmm. That actually changes the financial exposure model significantly. Internet-facing means mass exploitation, not targeted. The tail risk expands a lot.

Halil: What about the finance and manufacturing victims — targeted or opportunistic?

Alex: No data to distinguish. Could be sector-specific recon. Could be Shodan scanning found public Dynamics instances and those sectors just happened to be exposed. I can't tell you without TTP attribution or Cobalt Strike watermark analysis.

James: Which means don't tell leadership "this actor is coming for our industry" unless you have independent evidence. What you can say: active exploitation confirmed, pre-auth per vendor, and organizations in two sectors have already been hit.

Halil: That's the honest framing. Pierre, bottom line for a board?

Pierre: Three bullets. Material financial exposure concentrated in manufacturing and financial services — recovery runs one to six weeks depending on IR maturity, a hundred K to over a million per day in revenue loss. Regulatory disclosure pressures are immediate — the four-day SEC clock starts at materiality determination. And delay beyond seventy-two hours shifts you into worst-case cascade range.
05 The Weekend Patching Sequence: 137 CVEs, Four Tiers (08:01)

Halil: James, this is the first zero-zero-day Patch Tuesday since June 2024 — a hundred thirty-seven CVEs, nothing actively exploited in the regular batch. Give me the weekend patching order.

James: Order is non-negotiable. Dynamics 42833 first — it's the only one actively exploited, full stop. That jumps the queue regardless of your ERP maintenance windows.

Alex: Agreed. What's second?

James: CVE-2026-41089 — Netlogon RCE. CVSS nine point eight, no auth, no user interaction, domain controllers are the target. No PoC yet, but that window closes fast.

Alex: I'm assessing PoC within twenty-four to forty-eight hours based on Zerologon precedent — same attack surface, same explosive potential. Rapid7 notes it offers an attacker more immediate control of a DC than Zerologon did. Verify that timeline against ZDI and Rapid7 advisories, but I'd act as if the clock is already running.

James: And if I'm being blunt — there is no practical compensating control for Netlogon RCE. You patch or you accept the risk. That's it.

Halil: Third tier?

James: CVE-2026-41096, DNS Client RCE. Every Windows endpoint runs the DNS client — broad surface. But it requires network positioning to deliver a malicious response. Slightly lower urgency than Netlogon because DC compromise is existential. Block UDP 53 outbound from workstations at the perimeter as a compensating control while patches land.

Alex: DNS plus Netlogon together is ransomware deployment infrastructure in a weekend. Network-level RCE followed by DC takeover. Don't let the zero-zero-day headline slow you down.

James: Which is exactly my point. Zero zero-days is false comfort. Your adversaries aren't waiting for Patch Tuesday.

Halil: And Hyper-V — CVE-2026-40402?

James: Next week. Requires guest compromise first — it's a chained attack only. If your guest workloads are trusted, this waits. Segment guest VM networks from the management plane until you can patch.
06 Canvas Ransom Deadline: Does No Dump Mean No Obligation? (10:28)

Halil: We've covered Canvas and ShinyHunters extensively this week — the deadline, the financial exposure, the institutional denial. Quick update: the ransom deadline passed with no confirmed data dump. Sofia, does that change the notification picture?

Dr.: Short answer — no. And this is the mistake institutions are making right now. FERPA — the Family Educational Rights and Privacy Act — does not contain specific breach notification requirements. The Department of Education itself lacks the authority to mandate direct notice to parents or students after an unauthorized disclosure.

Halil: So what does FERPA actually require?

Dr.: Maintaining a record of each disclosure. The trigger is unauthorized access to education records — not whether the data ends up published on a dark web forum. The delisting without a confirmed dump is a gray zone, but it doesn't reset your clock.

Halil: Because the data is still in adversary hands.

Dr.: Almost certainly. And without confirmed third-party disclosure, the harm assessment becomes subjective. But here's my practical guidance: treat the access event itself as the FERPA logging trigger. Then assess independently against your state-level notification statutes.

Pierre: Which vary enormously by state. Some states have very short windows — forty-five days, some even less. The federal ambiguity doesn't give you cover on state law.

Dr.: Exactly. Do not wait for confirmed publication. Document the risk-based decision. If you conclude no third-party disclosure occurred, write that down with your reasoning — because regulators will ask.

Halil: Clean. The access event is the trigger, not the leak. Moving on.
07 Trump AI Safety Rules: Enforceable Mandate or Wish List? (12:22)

Halil: The briefing this morning characterized Trump administration AI safety measures as enforceable mandates. Sofia, Arjun — you both pushed back on that independently. What did you find?

Dr.: I have to flag a material uncertainty here. The December 2025 Executive Order calls for a minimally burdensome national policy framework and seeks to preempt state AI laws. But the March 2026 National Policy Framework is explicitly described as a non-binding wish list.

Dr.: That matches what I'm seeing from the technical side. The Commerce Department announced expanded agreements with Google DeepMind, Microsoft, and xAI for pre-deployment security evaluations. But those appear to be voluntary — government access agreements during safety reviews, not real-time breach reporting obligations.

Dr.: Right. Until Congress enacts binding legislation or a federal agency issues binding rules through notice-and-comment rulemaking, these obligations are aspirational policy guidance. The Blackburn Bill — the most comprehensive federal AI legislation proposed — remains in nascent legislative stages.

Halil: So organizations deploying frontier AI — what's actually binding on them right now?

Dr.: Honestly? FTC Section 5 enforcement under the policy statement directive is the closest thing to real teeth. But mandatory incident reporting with operational consequences? I don't see it in the current framework.

Dr.: Monitor it. Verify against official guidance as implementation details emerge. But do not build compliance programs around these measures as if they're enforceable mandates today.

Halil: Elena, you read this very differently from a geopolitical lens.

Dr.: Because I think framing it as a safety question misses the point entirely. Look at the executive order's own language — sustaining AI dominance, eliminating state-level obstruction. This is competition with China, full stop.

Dr.: Hmm.

Dr.: The expanded access list isn't just about government efficiency. It's about ensuring American frontier labs operate under federal umbrella access before export control debates crystallize around frontier models. Whoever controls the capability assessment controls what gets classified as dangerous versus deployable.

Dr.: That's an interpretive frame, Elena — not a verified conclusion. Organizations still need to track the actual compliance calendar.

Dr.: Agreed. But the compliance calendar that actually matters may be in Brussels, not Washington.
08 EU AI Act vs. US Deregulation: Competitive Positioning or Safety Convergence? (15:06)

Halil: Elena, make the case. Why is August 2026 the date organizations should actually be watching?

Dr.: GPAI — that's General Purpose AI — model provider obligations under the EU AI Act took effect August 2025. But Commission enforcement powers over generative AI models don't kick in until August 2, 2026. High-risk AI system rules follow the same timeline.

Dr.: Brussels built a runway — ostensibly for compliance, but realistically to avoid choking innovation before the ecosystem matured. That runway ends in less than three months.

Dr.: And the divergence you're describing — US deregulating, EU gaining enforcement teeth simultaneously — that creates real operational complexity for any frontier lab operating in both markets.

Dr.: Bifurcated product stacks. Regulatory arbitrage. Potentially firms relocating R&D. And — this is my concern — US pressure on allies to water down EU enforcement. We saw that playbook with semiconductor controls.

Dr.: The GDPR parallel is instructive here. In 2018, GDPR extraterritoriality forced global compliance redesign — companies that thought they could ignore it found out quickly they couldn't. The AI Act's August enforcement could trigger the same dynamic.

Halil: So your thesis is these aren't parallel safety frameworks—

Dr.: They're competitive positioning moves disguised as safety policy. The real question is whose safety framework becomes the global default. And whether "safety" becomes the new export control vocabulary.

Dr.: That's — that's a strong claim. I think it's directionally right, but I'd want to see more evidence before I'd call it a certainty.

Dr.: It's a thesis, not a verdict. But consider the timing: Brussels gains enforcement teeth over GPAI providers in August 2026, right as US election season heats up. The information asymmetry that Washington is building — government agencies with capability assessment visibility — mirrors exactly how Commerce Department entity list decisions have historically been informed by industry briefings.

Halil: Arjun, practical upshot for organizations running frontier AI in production right now?

Dr.: Track August 2026 as your potentially binding compliance milestone if you have EU operations. On the US side, the risk concentration remains at the API boundary — not model weights theft, but adversarial access through the interface. Isolate LLM outputs from downstream action execution. Treat that endpoint as untrusted.
09 Synthesis and Closing: What You Do Before Monday (17:59)

Halil: Let me pull the threads together, because we've covered a lot of ground and there's a patching weekend starting tonight.

Halil: CVE-2026-42833 in Dynamics 365 On-Prem is the active emergency. Per Windows News analysis, exploitation is confirmed. Cobalt Strike beacons are already deployed in finance and manufacturing environments. Patches KB5034926 through 28 are available now.

James: Hunt first. Before you touch patches — look for w3wp.exe spawning PowerShell, cmd, or csc.exe on your Dynamics servers right now. That's your immediate action.

Alex: And verify whether that message queue endpoint is externally reachable. Pre-auth RCE from the internet is a different risk posture than pre-auth from inside your network. That network-layer question determines your actual exposure.

Halil: Then the Patch Tuesday sequence this weekend. James's order: Dynamics first — already exploited. Netlogon RCE, CVE-2026-41089, second — unauthenticated DC compromise; Alex is assessing PoC within forty-eight hours based on Zerologon precedent, verify that against ZDI and Rapid7. DNS Client RCE, CVE-2026-41096, third — block UDP 53 outbound from workstations as a compensating control in the meantime. Hyper-V escape next week.

James: The zero-zero-day headline is noise. Don't let it slow you down. DNS and Netlogon together are ransomware deployment infrastructure. Patch them before Monday.

Halil: On Canvas — the ransom deadline passed, no confirmed dump. Sofia's guidance is unambiguous: the notification trigger under FERPA is unauthorized access, not publication. Assess your state-level obligations now. Do not wait.

Halil: On AI regulation — Sofia and Arjun both found the same thing independently: current US AI safety measures appear aspirational, not enforceable mandates. Voluntary pre-deployment evaluation agreements, not binding incident reporting. If you have EU operations, August 2, 2026 is the date that actually has teeth — that's when Commission enforcement powers over generative AI models go live.

Halil: What we're watching tomorrow: whether PoC code surfaces for Netlogon RCE, whether Microsoft releases additional guidance on the Dynamics endpoint exposure question, and whether any further Canvas data surfaces following the expired deadline.

Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.
This episode: Wed 13 May, 22:12, 9 scenes.