Decrypt LOL

Microsoft Configuration Manager Vulnerability Enables Remote Code Execution

🛡️💻 Severe SQL Injection Vulnerability Discovered in Microsoft Configuration Manager. A critical vulnerability, CVE-2024-43468, has been identified in Microsoft Configuration Manager. It carries a CVSS score of 9.8 and allows unauthenticated attackers to execute code remotely on affected systems. The vulnerability arises from two SQL injection flaws caused by improper input sanitization, affecting ConfigMgr versions 2403, 2309, and 2303, particularly if patch KB29166583 is not applied. Attackers can exploit these weaknesses to gain full access to the ConfigMgr database, potentially leading to system compromise and data breaches. Microsoft has released a patch to address this issue, and organizations are urged to apply it immediately while implementing additional security measures such as network segmentation and database security best practices.
