Microsoft Configuration Manager SQL Injection Vulnerability Identified
Critical SQL Injection Vulnerability Discovered in Microsoft Configuration Manager.

A serious security flaw has been identified in Microsoft Configuration Manager (MCM), allowing unauthenticated SQL injection attacks that could lead to arbitrary SQL query execution and potential remote code execution. The vulnerability, tracked as CVE-2024-43468, was confirmed by Microsoft on August 22, 2024, following an advisory sent to the Microsoft Security Response Center (MSRC). Initial hotfixes released in September faced issues, but a revised fix was published on September 18. The vulnerability poses significant risks as it does not leave clear traces in log files, complicating detection efforts. For further technical details, exploitation code is available on GitHub.
