Louis

Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections

A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00.bsky.social.
www.synacktiv.com/advisories/m...

My guess as for why is to be able to get DNS over TLS/HTTPS to work without the need of using classic DNS to resolve the resolver