This week, Microsoft released an out-of-band security update for its Endpoint Configuration Manager product to fix a flaw that could allow malicious actors to move freely within the network of a targeted organization.
The flaw is tracked as CVE-2022-37972, and Microsoft has characterized it as a medium-severity spoofing vulnerability. According to the tech giant, the bug was reported by Trimarc Security's Brandon Colley. Microsoft's advisory notes that the vulnerability has been publicly disclosed, but that there is no evidence of it being exploited.
Although Prajwal Desai has written a brief blog post outlining the patch, Colley told SecurityWeek that he has not yet made any information publicly available and mentioned that he has been collaborating with Microsoft on coordinated disclosure.