Endpoint/Device Security

Microsoft Endpoint Configuration Manager vulnerability patched

SecurityWeek reports that Microsoft has patched a security flaw in its Endpoint Configuration Manager solution as part of an out-of-band update. Threat actors could exploit the medium-severity spoofing vulnerability, tracked as CVE-2022-37972, to facilitate lateral network movement and ransomware attacks. While there has been no indication of abuse, the flaw has been publicly disclosed, according to Microsoft. The bug, which was first identified by Trimarc Security researcher Brandon Colley, could be leveraged by attackers with admin privileges to obtain hashed credentials on all configured push accounts. Moreover, settings that enable connection fallback to the NTLM authentication protocol could help enable lateral movement and ransomware attacks, but such concerns pertaining to NTLM have been addressed with the update, Colley said. "Prior to this patch, it was possible for an attacker to bypass the NTLM connection fallback setting which was previously thought to have prevented the type of attack in my July blog," added Colley.
