• Microsoft Endpoint Configuration Manager out of band

    What is it? There is an out-of-band security update for Microsoft Endpoint Configuration Manager. This is a business-only tool used to manage computers.

    What’s the risk? An attacker could exploit this vulnerability to obtain sensitive information. It’s a spoofing vulnerability.

    Does it impact consumers or home users?  No.

    Does it impact businesses that only use WSUS or only Intune, or even those that have standalone Windows 10 or 11 computers? No. This is only for those customers running Configuration Manager, a separate standalone management tool.

    How can you get the patch?  “The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.

    Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.

    Source: CISA alert

    MSRC alert

    I’ll update the master patch list later tonight, but be aware this out of band is for a narrow band of Microsoft customers.