Security Updates for Microsoft Endpoint Configuration Manager (November 2025)

The The Microsoft Endpoint Configuration Manager installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2025-47179 Note that Ness...

EUVD-2022-40579

Malicious code in bioql PyPI...

EUVD-2022-29407

Malicious code in bioql PyPI...

Microsoft Endpoint Configuration Manager RCE (KB31909343)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB31909343. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

Microsoft Endpoint Configuration Manager RCE (KB29166583)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB29166583. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

Microsoft Endpoint Configuration Manager Spoofing (KB15498768)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB15498768. It is, therefore, affected by a spoofing vulnerability. Under some conditions, clients will fallback to NTLM authentication even if NTLM authentication is...

Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability

...

PT-2022-4838 · Microsoft · Endpoint Configuration Manager

Name of the Vulnerable Software and Affected Versions: Microsoft Endpoint Configuration Manager affected versions not specified Description: The issue is related to errors in the authentication process using Kerberos with NTLM. Exploitation of this issue may allow a remote attacker to conduct a...

KB5014032: Servicing stack update for Windows 10, version 20H2, 21H1, and 21H2: May 10, 2022

KB5014032: Servicing stack update for Windows 10, version 20H2, 21H1, and 21H2: May 10, 2022 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates SSU makes sure that you have a robust and reliable...

CVE-2022-24527 Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability

...

Microsoft is recognized as a Leader in the 2021 Forrester Wave for Unified Endpoint Management

Microsoft is honored to be recognized as a Leader in The Forrester Wave: Unified Endpoint Management UEM, Q4 2021 report for our ability to help customers on their path to modern endpoint management. Microsoft Endpoint Manager—which brings together Microsoft Intune for cloud endpoint management a...