Tag

CVE-2024-43468

All articles tagged with #CVE-2024-43468

CISA orders urgent patch for actively exploited SCCM flaw
security, 11 days ago

CISA directed federal agencies to patch CVE-2024-43468, a SQL injection flaw in Microsoft Configuration Manager (SCCM) that is now being actively exploited in attacks. Microsoft patched the vulnerability in October 2024, but exploitation was later demonstrated in proof-of-concept (PoC) code, and CISA warns that unpatched systems pose significant risk. Agencies must apply mitigations by March 5 under BOD 22-01, and CISA recommends that organizations outside the federal government follow vendor guidance to secure affected systems as soon as possible.