CVE-2024-43468
unknown
KEV
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
1.5
Description
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
CISA KEV
- Vendor
- Microsoft
- Product
- Configuration Manager
- Due date
- 2026-03-05
Predictions
Exploit likelihood
99%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Microsoft Security Response Center ยท View original โ ยท proprietary-no-redistribution
Full prose not cached โ VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.
Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | |
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | |
| microsoft | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | |
| microsoft | Windows Server 2012 | |
| microsoft | Windows Server 2012 (Server Core installation) | |
| microsoft | Windows Server 2012 R2 | |
| microsoft | Windows Server 2012 R2 (Server Core installation) | |
| microsoft | Microsoft Visual Studio 2015 Update 3 | |
| microsoft | Microsoft Outlook for Android | |
| microsoft | Windows 10 for 32-bit Systems | |
| microsoft | Windows 10 for x64-based Systems | |
| microsoft | Microsoft Excel 2016 (32-bit edition) | |
| microsoft | Microsoft Excel 2016 (64-bit edition) | |
| microsoft | Microsoft Office 2016 (32-bit edition) | |
| microsoft | Microsoft Office 2016 (64-bit edition) | |
| microsoft | Windows Server 2016 | |
| microsoft | Windows 10 Version 1607 for 32-bit Systems | |
| microsoft | Windows 10 Version 1607 for x64-based Systems | |
| microsoft | Windows Server 2016 (Server Core installation) | |
| microsoft | Microsoft SharePoint Enterprise Server 2016 | |
| microsoft | Windows 10 Version 1809 for 32-bit Systems | |
| microsoft | Windows 10 Version 1809 for x64-based Systems | |
| microsoft | Windows Server 2019 | |
| microsoft | Windows Server 2019 (Server Core installation) | |
| microsoft | Microsoft Office 2019 for 32-bit editions | |
| microsoft | Microsoft Office 2019 for 64-bit editions | |
| microsoft | Microsoft SharePoint Server 2019 | |
| microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | |
| microsoft | Visual Studio Code | |
| microsoft | Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | |
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.