According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers Started Using “SambaCry Flaw” to Hack Linux Systems
June 10, 2017
Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software (re-implementation of SMB networking protocol) that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article. At ...
- Group Behind NSA Dump That Led to WannaCry Opens 0-Day Exploit Subscription
May 30, 2017
Infamous hacking group Shadow Brokers has promised to release more zero-day exploits, such as the one that has made life a misery for some 300,000 people across the world via WannaCry. Now, the group isn’t just after wreaking havoc, but also after making some money, since the releases will be made for a special club ...
- Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication
May 30, 2017
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn’t it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google’s ...
- Yahoo Retires ImageMagick After Exploit Leaks Email Content
May 22, 2017
Yahoo is once more at the center of a security scandal after an ImageMagick library exploit was found leaking user email content. The discovery was made by security researcher Chris Evans, who demonstrated the exploit, showing just how easy it was to break Yahoo’s system to trigger email information leaks. Yahoo has since retired the use of ...
- Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak
May 10, 2017
Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak, that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing “Vault 7” dump — thousands of documents ...
- ‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware
May 9, 2017
Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center ...