CISA Warns of Active Exploitation in Microsoft Configuration Manager SQL Injection Flaw
Take action: If you are using Microsoft Configuration Manager and haven't patched since 2024, this is urgent. Your MCM is being attacked. If possible, always isolate from the internet. And patch, because any isolation will be compromised given enough time.
CISA warns of active exploitation of a flaw in Microsoft Configuration Manager (MCM), formerly known as System Center Configuration Manager (SCCM). The vulnerability allows unauthenticated attackers to take full control of the management server and its associated site database without credentials.
The exploited flaw is tracked as CVE-2024-43468 (CVSS score 9.8), an SQL injection vulnerability that allows unauthenticated remote code execution on the server or database.
Since MCM manages large groups of assets, a single breach can lead to a major outage or total domain compromise through the distribution of malicious software to all managed endpoints.
This flaw affects multiple versions of Microsoft Configuration Manager. Microsoft initially labeled exploitation as "less likely" in October 2024, but after the release of a public proof-of-concept (PoC) by security firm Synacktiv, attackers started exploiting the flaw. CISA has mandated that federal agencies secure their systems by March 5, 2026.
Administrators should verify that their site systems and database servers are fully patched and monitor for unusual SQL queries or unauthorized command execution.