According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files
March 20, 2018
You have always been warned not to share remote access to your computer with untrusted people for any reason—it’s a basic cybersecurity advice, and common sense, right? But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers. A critical vulnerability has been discovered in Microsoft’s Windows ...
- AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
March 20, 2018
MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...
- Spring break! Critical vuln in Pivotal framework’s Data parts plugged
March 5, 2018
Pivotal’s Spring Data REST project has a serious security hole that needs patching. Pivotal’s Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. Read more… Source: The Register
- Bug in HP Remote Management Tool Leaves Servers Open to Attack
March 1, 2018
Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) ...
- Massive Malspam Campaign Targets Unpatched Systems
February 27, 2018
Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers. According to the research firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an ...
- Smart meters could leave British homes vulnerable to cyber attacks, experts have warned
February 18, 2018
New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...