Decrypt LOL

Microsoft Configuration Manager SQL Injection Vulnerability Identified

🛠️ Critical SQL Injection Vulnerability Discovered in Microsoft Configuration Manager. A serious security flaw has been identified in Microsoft Configuration Manager (MCM), allowing unauthenticated SQL injection attacks that could lead to arbitrary SQL query execution and potential remote code execution. The vulnerability, tracked as CVE-2024-43468, was confirmed by Microsoft on August 22, 2024, following an advisory sent to the Microsoft Security Response Center (MSRC). Initial hotfixes released in September faced issues, but a revised fix was published on September 18. The vulnerability poses significant risks as it does not leave clear traces in log files, complicating detection efforts. For further technical details, exploitation code is available on GitHub.
