According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
June 3, 2019
A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug ...
- Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
May 28, 2019
Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS. Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces ...
- One Million Devices Open to Wormable Microsoft BlueKeep Flaw
May 28, 2019
Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack. One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this ...
- Intense scanning activity detected for BlueKeep RDP flaw
May 26, 2019
Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008. Microsoft released fixes for this vulnerability on May 14, as part of the ...
- Security researchers discover Linux version of Winnti malware
May 20, 2019
For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...
- May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability
May 15, 2019
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one separately ...