Admins should update Microsoft’s IT management solution, Endpoint Configuration Manager. Attacks could be imminent.
Admins use Microsoft Endpoint Configuration Manager to manage PCs and servers in corporate environments. Attackers could now target a vulnerability that is already public knowledge. A successful attack could give access to sensitive information. A security patch is available.
Normally, Microsoft only releases security updates once a month on patch day. The company evidently considers this vulnerability (CVE-2022-37972, rated “high”) dangerous enough to warrant an emergency patch (KB 15498768). The update is available for Endpoint Configuration Manager versions 2103 to 2207. Admins running an edition older than 2103 should update to a more recent version.
Attacks could be imminent
According to an advisory, the vulnerability is already public knowledge, but so far there have been no attacks. Microsoft is not currently providing specific information on the vulnerability or on possible attack scenarios.
The vulnerability appears to lie in a fallback to the NTLM authentication method. The update is intended to ensure that this fallback does not take place. For security reasons, Microsoft recommends disabling this option in every environment where that is possible.