CVE-2022-24527

FAQ

How do I get the update?

Customers have two options for the update that addresses this vulnerability:

1. Upgrade to Configuration Manager current branch, version 2203 (Build 5.00.9078) which is available as an in-console update. See Checklist for installing update 2203 for Configuration Manager for more information.
2. Apply the hotfix. Customers running Microsoft Endpoint Configuration Manager, versions 1910 through versions 2111 who are not able to install Configuration Manager Update 2203 (Build 5.00.9078) can download and install hotfix KB12819689. See Connected cache update for Microsoft Endpoint Configuration Manager version 2111 for prerequisites, download link, and installation instructions.

What is Microsoft Endpoint Configuration Manager?

Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or are internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more. For more information see - What is Configuration Manager?.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.