"Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks"

Security researchers at SpecterOps have developed a knowledge base repository for attack and defense techniques stemming from the improper setup of Microsoft's Configuration Manager (MCM). Improper setup could enable attackers to execute payloads or become domain controllers. MCM, formerly known as System Center Configuration Manager (SCCM, ConfigMgr), is used in many Active Directory (AD) environments to help administrators manage servers and workstations on a Windows network. Security researchers have studied it for over a decade as an attack surface that could allow malicious actors to gain administrative privileges on a Windows domain. The researchers announced the release of Misconfiguration Manager, a repository of attacks based on flawed MCM configurations that could serve as a resource for defenders. This article continues to discuss the knowledge base repository for attack and defense techniques based on improperly setting up MCM. 

Bleeping Computer reports "Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks"

Submitted by grigby1

Submitted by Gregory Rigby on