Decrypt LOL


Critical SQL Injection Vulnerability in Microsoft Configuration Manager


🔍 Security researcher Mehdi Elyassa from Synacktiv has revealed a severe vulnerability in Microsoft Configuration Manager (CVE-2024-43468), which has a CVSS score of 9.8. The flaw allows unauthenticated attackers to perform SQL injection, enabling them to execute arbitrary commands on servers and databases. The vulnerability lies in the MP_Location service, which improperly processes client messages, resulting in two SQL injection vectors. Successful exploitation can grant attackers sysadmin-level privileges, potentially compromising the entire deployment environment. Microsoft has released patches to address this issue, and organizations are urged to apply them immediately to mitigate risks. Monitoring the MP_Location.log file for anomalies is recommended to detect potential exploitation attempts.
