Microsoft’s recent Patch Tuesday security update has come and gone, but the repercussions of unaddressed vulnerabilities may linger, particularly for those who have not acted swiftly to safeguard their systems. This month, a total of 117 security vulnerabilities were resolved, including five critical zero-day vulnerabilities that have raised alarms among cybersecurity experts. However, one vulnerability, CVE-2024-43468, has garnered significant attention due to its critical severity rating of 9.8 out of 10, accompanied by an urgent update warning.
How Dangerous Is CVE-2024-43468?
Despite not being classified as a zero-day threat—meaning it has not been publicly disclosed or exploited in the wild—Microsoft has deemed CVE-2024-43468 a critical vulnerability. The gravity of this situation arises from its impact on Microsoft’s Configuration Manager, which could allow for remote code execution if exploited. Microsoft has cautioned that “an unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner, enabling the attacker to execute commands on the server and/or underlying database.” One security expert characterized CVE-2024-43468 as a no-interaction, low-complexity vulnerability, a combination that presents a particularly concerning risk.
Mitigating CVE-2024-43468 Is Not At All Straightforward
Adam Barnett, lead software engineer at Rapid7, has highlighted the complexities involved in addressing this vulnerability. He noted that the relevant update must be installed within the Configuration Manager console, necessitating specific actions from administrators as outlined in a series of generic articles provided by Microsoft. Tyler Reguly, associate director of security research and development at Fortra, echoed Barnett’s sentiments, emphasizing that the update process is far from a simple patch installation. It requires an in-console update, followed by user confirmation of the exact updates to install. Furthermore, secondary sites will not be updated unless administrators undertake an additional manual process, potentially leading to vulnerable environments within the enterprise.
Detailed instructions for mitigating this vulnerability can be found in Microsoft Knowledge Base article KB29166583, which was first published on September 4 and later unpublished and republished on September 18 without any mention of CVE-2024-43468. Barnett advises defenders to scrutinize the available documentation thoroughly and recommends reviewing it multiple times to ensure comprehension.
For those utilizing Microsoft Configuration Manager, the imperative is clear: update your systems as soon as possible. Cody Dietz, team lead of security engineering at Automox, warns that successful exploitation of this vulnerability could facilitate lateral movement across a network and enable the deployment of malicious configurations to other systems. He advocates for immediate action and suggests employing an alternate service account in place of the computer account to mitigate potential risks.
