Critical Microsoft SCCM Vulnerability Under Active Attack, Warns CISA



Malware keeps evolving, and recent reports showed hackers abusing Gemini AI tools to assist malware campaigns. Now, an older Microsoft security flaw has resurfaced and is under active attack.

The vulnerability affects Microsoft Configuration Manager, formerly known as SCCM, a platform widely used by enterprises and government agencies to manage large fleets of Windows servers and workstations.

CISA Confirms Active Exploitation of CVE-2024-43468

CVE-2024-43468 is a critical SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary commands with the highest privileges on the affected server and site database.

Because Configuration Manager often runs with elevated access across enterprise networks, successful exploitation could grant attackers deep control over managed environments.

Microsoft originally patched the flaw in October 2024 and classified it as “Exploitation Less Likely” at the time. However, security researchers from Synacktiv later released proof-of-concept exploit code in November 2024, significantly increasing the likelihood of weaponization.

Federal Agencies Face March 5 Deadline

Following confirmed exploitation, CISA has ordered Federal Civilian Executive Branch agencies to secure their systems under Binding Operational Directive 22-01.

Agencies must apply patches and mitigations by March 5 or take alternative remediation steps. While the directive applies specifically to federal systems, CISA strongly urges private-sector organizations to patch immediately due to ongoing attacks.

This incident follows a series of recent security concerns involving Microsoft products. The company recently addressed a critical Notepad vulnerability and warned administrators about insecure Windows Deployment Services configurations after KB5074109.

Security experts continue to warn that enterprise management tools represent high-value targets because they provide centralized control across entire IT environments.

With active exploitation confirmed, organizations running Microsoft Configuration Manager face mounting pressure to update immediately and review their security posture before attackers gain further footholds.

Via Bleeping Computer
