CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager<\/a> (SCCM).<\/p>\n Tracked as CVE-2024-43468, this flaw lets unauthenticated attackers run malicious commands on servers and databases.<\/p>\n Added to CISA\u2019s Known Exploited Vulnerabilities (KEV) catalog on February 12, 2026, agencies must patch by March 5, 2026, or face federal mandates.<\/p>\n Microsoft Configuration Manager helps IT teams manage devices, deploy software, and handle updates across Windows networks<\/a>.<\/p>\n The bug affects its console services, where poorly sanitized user input can lead to SQL injection attacks<\/a>. Attackers craft special HTTP requests to the SCCM server.<\/p>\n These requests trick the system into executing arbitrary SQL queries on the backend SQL Server database.<\/p>\n From there, hackers can dump sensitive data, escalate privileges, or run OS commands<\/a>, making the way for ransomware, data theft, or full network compromise.<\/p>\n CISA reports active exploitation in the wild<\/a>, though details on specific campaigns remain unknown. Ransomware groups often target management tools like SCCM for quick lateral movement.<\/p>\n The vulnerability on severe, while an exact CVSS score isn\u2019t public yet, SQL injection flaws like this (linked to CWE-89) typically rate 8.0+ due to the potential for remote code execution.<\/p>\n Microsoft released patches as part of its November 2024 Patch Tuesday update<\/a>. Affected versions include SCCM 2303 and earlier; upgrade to 2311 or later and apply the fix via KB5044285 or newer. <\/p>\n Key steps:<\/p>\n