Описание
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
FAQ
How do I get the update?
The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.
Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.
What is Microsoft Endpoint Configuration Manager?
Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or are internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more. For more information see - What is Configuration Manager?.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Endpoint Configuration Manager |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.5 High
CVSS3
Связанные уязвимости
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
Microsoft Endpoint Configuration Manager Spoofing Vulnerability.
Уязвимость программного продукта управления сетевыми устройствами Microsoft Endpoint Configuration Manager, связанная с ошибками при проведении процедуры проверки подлинности через Kerberos с использованием NTLM, позволяющая нарушителю реализовать спуфинг-атаку и получить доступ к защищаемой информации
EPSS
7.5 High
CVSS3