Summary
CISA reports active exploitation of a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468). The flaw allows unauthenticated attackers to execute arbitrary commands with system-level privileges on management servers and site databases.
Take Action:
If you are using Microsoft Configuration Manager and haven't patched since 2024, this is urgent. Your MCM is being attacked. If possible, always isolate from the internet. And patch, because any isolation will be compromised given enough time.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)