Microsoft Publishes Out-of-Band Fix for Flaw Allowing Lateral Movement and Ransomware Attacks


This week, Microsoft released an out-of-band security update for its Endpoint Configuration Manager product to fix a flaw that could allow malicious actors to move freely within the network of a targeted organization.

The flaw is identified as CVE-2022-37972, and Microsoft has characterized it as a medium-severity spoofing problem. The bug was reported by Trimarc Security’s Brandon Colley, according to the tech giant. Microsoft stated in its advisory that although there is no proof of exploitation, the vulnerability has been made public.

Although Prajwal Desai has written a brief blog post outlining the patch, Colley told SecurityWeek that he has not yet made any information publicly available and mentioned that he has been collaborating with Microsoft on coordinated disclosure.

Read More: Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.