CISA Directs Agencies to Secure Systems Against Actively Exploited Microsoft Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. government agencies to secure their systems against a critical Microsoft Configuration Manager vulnerability, identified as CVE-2024-43468. This flaw, which was patched in October 2024, is now being actively exploited in cyberattacks.
Vulnerability Details: CVE-2024-43468
CVE-2024-43468 is an SQL injection vulnerability reported by Synacktiv. It allows unauthenticated remote attackers to execute code and run arbitrary commands with the highest level of privileges on the server or on the underlying Microsoft Configuration Manager site database. Microsoft's advisory describes the flaw as exploitable by an unauthenticated attacker who sends specially crafted requests, resulting in command execution on the server or the site database.
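The page does not disclose the specific injection point, so the following is an added, generic illustration of the vulnerability class rather than code from Microsoft, Synacktiv or Configuration Manager: a lookup that splices an untrusted client value into SQL text beside the parameterized form that closes the defect. The schema, table name, tokens and the `looks_like_injection` triage heuristic are all constructed for this example and are assumptions, not anything taken from the product.

```python
import re
import sqlite3

# Constructed stand-in for a site database; this is NOT Configuration Manager's schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, client_token TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [("WS01", "tok-ws01", 0), ("SRV01", "tok-srv01", 1)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, token: str) -> list:
    # Defect: the untrusted value becomes part of the SQL text, so quote characters
    # in it change the statement's structure instead of being compared as data.
    sql = "SELECT name, is_admin FROM devices WHERE client_token = '" + token + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, token: str) -> list:
    # Fix: a bound parameter is passed to the engine separately from the statement,
    # so the engine can only ever treat it as a string value to compare against.
    return conn.execute(
        "SELECT name, is_admin FROM devices WHERE client_token = ?", (token,)
    ).fetchall()


# Constructed sample of a value that breaks out of the string literal in the vulnerable query.
CRAFTED = "x' OR '1'='1"


def looks_like_injection(value: str) -> bool:
    # Hypothetical request-screening heuristic for log triage: flags a quote followed by a
    # boolean operator, or SQL comment/statement separators. It is a detection aid only;
    # the control that actually removes the risk is the vendor patch and parameterized queries.
    return re.search(r"'\s*(or|and)\s|--|;|/\*", value, re.IGNORECASE) is not None


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "tok-ws01"),
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED),  # returns every row
        "hardened_normal": lookup_hardened(conn, "tok-ws01"),
        "hardened_crafted": lookup_hardened(conn, CRAFTED),  # returns nothing
        "flagged": looks_like_injection(CRAFTED),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it shows the vulnerable lookup answering the crafted value with every device row, including the privileged one, while the parameterized lookup returns no rows because no token equals that literal string. The regex heuristic is deliberately narrow and easy to evade; treat it as a way to prioritise log review, not as a mitigation.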
Exploitation Confirmed, CISA Mandates Action
Microsoft initially assessed the vulnerability as "Exploitation Less Likely" when it released the patch. However, Synacktiv published proof-of-concept exploitation code on November 26, 2024, dramatically shifting the threat assessment. CISA subsequently flagged CVE-2024-43468 as actively exploited.
Consequently, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies patch their affected systems by March 5, aligning with Binding Operational Directive (BOD) 22-01.
Urgent Recommendations for All Network Defenders
CISA has warned that vulnerabilities of this type are frequent attack vectors and pose significant risks to systems. While BOD 22-01 applies only to federal agencies, CISA has urged all network defenders, including those in the private sector, to promptly secure their systems against the ongoing CVE-2024-43468 attacks. Recommended actions include applying vendor-provided mitigations or discontinuing use of the product if mitigations are unavailable.