Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks
-
Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. Configuration Manager (MCM), formerly known as System Center Configuration Manager (SCCM, ConfigMgr), At the SO-CON security conference today, SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager, a repository with attacks based on faulty MCM configurations that also provides resources for defenders to harden their security stance. "Our approach extends beyond cataloging the tactics of known adversaries to include contributions from the realm of penetration testing, red team operations, and security research," the SpecterOps explain. The two researchers say that MCM/SCCM is not easy to set up and that many of the default configurations leave room for attackers to take advantage. Considering that it is widely adopted and must be installed in an Active Directory domain, MCM/SCCM can decrease a company's security posture if configured improperly, a task fit for an experienced administrator. Although tested by the creators of Misconfiguration Manager, administrators are strongly advised to test the defense methods provided in the repository before implementing them in a production environment.
ที่มาแหล่งข่าว
https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand