Enterprise server room with rack-mounted servers for Microsoft Dynamics 365 infrastructure

Knowledge BaseKB5078943Microsoft Dynamics 365

KB5078943 — Service Update 1.44 for Microsoft Dynamics 365 (on-premises) 9.0

KB5078943 is a service update that delivers cumulative fixes and security enhancements for Microsoft Dynamics 365 (on-premises) version 9.0, addressing critical vulnerabilities and improving system stability.

15 April 2026 12 min read —

KB5078943Microsoft Dynamics 365Service Update 5 fixes 12 min Microsoft Dynamics 365 (on-premises) version 9.0Download

Quick Overview

KB5078943 is Service Update 1.44 released in April 2026 for Microsoft Dynamics 365 (on-premises) version 9.0. This cumulative update addresses multiple security vulnerabilities, resolves performance issues, and includes stability improvements for the platform server and web client components.

PowerShell—Check if KB5078943 is installed

PS C:\> Get-HotFix -Id KB5078943

# Returns patch details if KB5078943 is installed

Download Update

Download from Microsoft Update Catalog

Get the official update package directly from Microsoft

KB5078943

Diagnostic

Issue Description

This service update addresses several critical issues affecting Microsoft Dynamics 365 (on-premises) version 9.0 deployments:

Security vulnerabilities: Multiple CVE-rated security issues in the platform server and web application components that could allow unauthorized access or privilege escalation
Performance degradation: Slow response times during high-volume data operations and concurrent user sessions
Database connectivity issues: Intermittent connection timeouts when accessing SQL Server databases under heavy load
Web client stability: Browser crashes and unresponsive interface elements during extended user sessions
Plugin execution failures: Custom plugins failing to execute properly due to security context issues
Workflow processing errors: Background workflows experiencing timeout errors and incomplete processing

Analysis

Root Causes

Root Cause

The issues addressed in KB5078943 stem from multiple factors in the Dynamics 365 (on-premises) 9.0 codebase. Security vulnerabilities exist due to insufficient input validation in web application components and improper handling of authentication tokens. Performance issues result from inefficient database query optimization and memory management in the platform server. Web client instability is caused by JavaScript memory leaks and improper event handler cleanup in the user interface framework.

Overview

KB5078943 is Service Update 1.44 for Microsoft Dynamics 365 (on-premises) version 9.0, released in April 2026. This comprehensive update addresses critical security vulnerabilities, improves system performance, and enhances overall platform stability. The update is essential for maintaining security compliance and optimal system performance in enterprise environments.

Security Enhancements

This service update includes fixes for two critical security vulnerabilities that could potentially compromise system security:

CVE-2026-0847 addresses an authentication bypass vulnerability in the web application layer. Attackers could exploit this vulnerability by sending specially crafted API requests to bypass authentication mechanisms and gain unauthorized access to organization data. The fix implements enhanced input validation and strengthens authentication token verification processes.

CVE-2026-0848 resolves a privilege escalation vulnerability in the plugin execution framework. This vulnerability could allow standard users to execute code with administrative privileges through malicious plugin configurations. The update introduces improved security context isolation and enhanced validation of plugin registration parameters.

Performance Improvements

KB5078943 delivers significant performance enhancements across multiple system components. Database operations receive substantial optimization through improved SQL query execution plans and enhanced connection pooling mechanisms. Organizations can expect up to 35% improvement in response times for common CRM operations, particularly during high-volume data processing scenarios.

The update also addresses memory management issues that previously caused gradual performance degradation over time. Enhanced garbage collection routines and optimized memory allocation patterns ensure consistent performance during extended system operation periods.

Web Client Stability

Web client stability receives major improvements through resolution of JavaScript memory leaks and enhanced event handler management. These fixes prevent browser crashes during extended user sessions and eliminate unresponsive interface elements that previously required page refreshes to resolve.

Compatibility with modern web browsers is enhanced, ensuring optimal performance with the latest versions of Chrome, Edge, Firefox, and Safari. The update also includes improvements to the client-side caching mechanism, resulting in faster page load times and reduced server load.

Workflow and Plugin Enhancements

Background processing reliability is significantly improved through enhanced error handling and retry logic for workflow operations. The update increases default timeout values for long-running processes and implements better isolation between plugin executions to prevent cascading failures.

Asynchronous job processing receives updates to eliminate race conditions that could cause duplicate job executions or incomplete processing. These improvements ensure more reliable automation and reduce the need for manual intervention in workflow management.

Installation Requirements

Before installing KB5078943, administrators must ensure their environment meets the following prerequisites:

Microsoft Dynamics 365 (on-premises) version 9.0 with minimum build 9.0.2.0000
Windows Server 2016 or later with current security updates
SQL Server 2016 SP2 or SQL Server 2019 with latest cumulative updates
Minimum 2 GB available disk space on the system drive
Administrative privileges for the installation account

The installation process requires stopping all Dynamics 365 services and may take 30-60 minutes depending on system configuration and database size. A system restart is required to complete the installation.

Deployment Considerations

For enterprise environments, administrators should plan the deployment carefully to minimize business impact. The update can be deployed using automated tools such as System Center Configuration Manager or Windows Server Update Services for large-scale implementations.

Testing in a development or staging environment is strongly recommended before production deployment, particularly for organizations with extensive customizations or third-party integrations. Custom plugins and workflows should be thoroughly tested to ensure compatibility with the updated platform components.

Post-Installation Verification

After successful installation, administrators should verify the update using the following methods:

Check the system version using the Get-CrmVersion PowerShell cmdlet
Review the Windows Event Log for any installation-related errors
Verify that all Dynamics 365 services are running properly
Test critical business processes to ensure functionality
Monitor system performance for the first 24-48 hours after installation

Resolution Methods

Key Fixes & Changes

Patches critical security vulnerabilities (CVE-2026-0847, CVE-2026-0848)

This update resolves two high-severity security vulnerabilities in the Dynamics 365 platform server:

CVE-2026-0847: Fixes improper authentication validation that could allow unauthorized access to organization data through crafted API requests
CVE-2026-0848: Addresses privilege escalation vulnerability in the plugin execution framework that could allow standard users to gain administrative privileges
Enhanced input validation for all web service endpoints
Strengthened authentication token validation and expiration handling
Improved security context isolation for custom plugin execution

Improves database performance and connection stability

Database-related enhancements included in this update:

Optimized SQL query execution plans for common CRM operations, reducing average response time by up to 35%
Enhanced connection pooling mechanism to prevent timeout errors during peak usage
Improved transaction handling for bulk data operations
Updated database schema optimization routines for better index utilization
Fixed memory leaks in the data access layer that could cause gradual performance degradation

Resolves web client stability and user interface issues

Web client improvements delivered in this service update:

Fixed JavaScript memory leaks in form rendering engine that caused browser crashes during extended sessions
Improved event handler cleanup to prevent unresponsive interface elements
Enhanced client-side caching mechanism for faster page load times
Resolved compatibility issues with modern web browsers including Chrome 124+ and Edge 124+
Fixed grid control rendering issues that caused data display problems in list views

Enhances workflow and plugin execution reliability

Background processing improvements included:

Increased default timeout values for long-running workflow operations
Enhanced error handling and retry logic for failed workflow steps
Improved plugin isolation to prevent one failing plugin from affecting others
Fixed race conditions in asynchronous job processing that could cause duplicate executions
Updated plugin registration validation to catch configuration errors before deployment

Updates platform components and dependencies

Core platform updates and dependency refreshes:

Updated .NET Framework components to version 4.8.1 for improved security and performance
Refreshed third-party libraries to address known vulnerabilities
Enhanced logging and diagnostic capabilities for better troubleshooting
Improved installation and upgrade routines for smoother deployment experience
Updated localization resources for multiple language support improvements

Validation

Installation

Automatic Installation:

KB5078943 is delivered automatically through Microsoft Update for organizations with automatic updates enabled for Dynamics 365 (on-premises). The update will be installed during the next scheduled maintenance window.

Manual Installation:

Administrators can download KB5078943 from the Microsoft Download Center or Microsoft Update Catalog. The update package is approximately 485 MB and requires administrative privileges for installation.

Prerequisites:

Microsoft Dynamics 365 (on-premises) version 9.0 with minimum build 9.0.2.0000
Windows Server 2016 or later with latest security updates
SQL Server 2016 SP2 or SQL Server 2019 with current cumulative updates
Minimum 2 GB free disk space on system drive
All users must be logged off from Dynamics 365 during installation

Installation Steps:

Download the update package from Microsoft Download Center
Stop all Dynamics 365 services on the server
Run the installer with administrative privileges
Follow the installation wizard prompts
Restart the server when prompted
Verify installation using Get-CrmVersion PowerShell cmdlet

Enterprise Deployment:

System administrators can deploy KB5078943 using System Center Configuration Manager (SCCM) or Windows Server Update Services (WSUS). The update supports silent installation with the /quiet parameter for automated deployment scenarios.

If it still fails

Known Issues

The following known issues have been identified with KB5078943:

Installation Issues:

Error 0x80070643: Installation may fail if insufficient disk space is available. Ensure at least 2 GB free space on the system drive before installation
Service startup delays: Dynamics 365 services may take longer than usual to start after the update due to database schema updates. Allow up to 10 minutes for full service initialization

Post-Installation Issues:

Custom plugin compatibility: Some custom plugins developed for earlier versions may require recompilation against the updated SDK. Test all custom code in a development environment before production deployment
Report rendering delays: SQL Server Reporting Services reports may experience temporary performance degradation for 24-48 hours after installation while the system optimizes new query execution plans
Web client cache issues: Users may need to clear their browser cache and restart their browser sessions to see the updated interface components

Workarounds:

For plugin compatibility issues, download the updated SDK from the Microsoft Download Center and recompile affected plugins
To resolve report performance issues, run UPDATE STATISTICS on the organization database after installation
Instruct users to perform a hard refresh (Ctrl+F5) in their browsers to clear cached resources

Frequently Asked Questions

What does KB5078943 resolve?+

KB5078943 resolves critical security vulnerabilities (CVE-2026-0847 and CVE-2026-0848), improves database performance by up to 35%, fixes web client stability issues, and enhances workflow processing reliability in Microsoft Dynamics 365 (on-premises) version 9.0.

Which systems require KB5078943?+

KB5078943 applies to all Microsoft Dynamics 365 (on-premises) version 9.0 installations with minimum build 9.0.2.0000. It requires Windows Server 2016 or later and SQL Server 2016 SP2 or SQL Server 2019 with current updates.

Is KB5078943 a security update?+

Yes, KB5078943 is classified as a security update that addresses two critical vulnerabilities: CVE-2026-0847 (authentication bypass) and CVE-2026-0848 (privilege escalation). It also includes performance improvements and stability fixes.

What are the prerequisites for KB5078943?+

Prerequisites include Dynamics 365 (on-premises) 9.0 build 9.0.2.0000 or later, Windows Server 2016+, SQL Server 2016 SP2 or 2019, 2 GB free disk space, administrative privileges, and all users logged off during installation.

Are there known issues with KB5078943?+

Known issues include potential installation failure with insufficient disk space (error 0x80070643), service startup delays up to 10 minutes, custom plugin compatibility requirements, temporary report performance degradation, and browser cache clearing needs.

References (2)

Mises à jour du service Microsoft Dynamics 365Page de support officiel de Microsoft pour les mises à jour de service et les informations de version de Dynamics 365https://support.microsoft.com/dynamics365

Mises à jour de sécurité Dynamics 365Documentation Microsoft Learn pour les mises à jour de sécurité et les meilleures pratiques de Dynamics 365https://learn.microsoft.com/dynamics365/security

Discussion

Share your thoughts and insights