Security Updates for Microsoft Endpoint Configuration Manager (November 2025)

The The Microsoft Endpoint Configuration Manager installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2025-47179 Note that Ness...

Microsoft Endpoint Configuration Manager (CVE-2025-59501)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in the vendor advisory. It is, therefore, affected by an elevation of privilege vulnerability. An attacker could exploit this vulnerability by modifying the user principal...

Microsoft Endpoint Configuration Manager (October 2025)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB34503790. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges...

EUVD-2022-29407

Malicious code in bioql PyPI...

Microsoft Endpoint Configuration Manager RCE (KB31909343)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB31909343. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

Microsoft Endpoint Configuration Manager RCE (KB29166583)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB29166583. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

Microsoft Endpoint Configuration Manager Spoofing (KB15498768)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB15498768. It is, therefore, affected by a spoofing vulnerability. Under some conditions, clients will fallback to NTLM authentication even if NTLM authentication is...

The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices allows a hacker to execute a spear-phishing attack and gain access to sensitive information, due to errors during the authentication process using Kerberos with NTLM.

The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices is related to errors that occur during the authentication process using Kerberos and NTLM. Exploiting this vulnerability allows an attacker to execute a spear-phishing attack and gain access to...

Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

CVE-2022-37972

Microsoft Endpoint Configuration Manager Spoofing Vulnerability...

CVE-2022-37972

Microsoft Endpoint Configuration Manager Spoofing Vulnerability...

Microsoft Endpoint Configuration Manager Spoofing Vulnerability

...

Microsoft Endpoint Configuration Manager 安全漏洞

Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...

CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability

...

The vulnerability of the Endpoint Configuration Manager agent for the Microsoft Windows operating system, which allows a malicious individual to increase their privileges

The vulnerability of the Endpoint Configuration Manager for the Microsoft Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

KB5014032: Servicing stack update for Windows 10, version 20H2, 21H1, and 21H2: May 10, 2022

KB5014032: Servicing stack update for Windows 10, version 20H2, 21H1, and 21H2: May 10, 2022 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates SSU makes sure that you have a robust and reliable...

CVE-2022-24527

Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability...

CVE-2022-24527

Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability...

Privilege escalation

Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability...