CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA has flagged a critical Microsoft Configuration Manager (SCCM) vulnerability, CVE-2024-43468, as actively exploited in attacks, ordering U.S. government agencies to patch it by March 5th. This SQL injection flaw allows unauthenticated attackers to gain code execution with the highest privileges, despite Microsoft initially deeming exploitation unlikely.