all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SCCM Site Takeover via Automatic Client Push Installation

Add to bookmarks
Jan. 12, 2023, 1:31 p.m. | Chris Thompson

Security Boulevard securityboulevard.com

tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation.


While reading SCCM Current Branch Unleashed and stepping through the site installation process, I found something interesting — the primary site server’s domain computer account is required to be a member of the local Administrators group on the site database server.



During site installation, this account is also added to the sysadmins group in the site database.



This means that if:



  1. automatic site assignment and automatic site-wide client push …

account administrators application security automatic client computer configuration management current database domain install installation local ntlm penetration testing pentesting process red team sccm server social engineering takeover

Visit resource

More from securityboulevard.com / Security Boulevard

What is Network Pen Testing? 4 hours ago | securityboulevard.com
assessment attack cyber cyber security +27
RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI … 5 hours ago | securityboulevard.com
benchmark blog conference cybersecurity +22
How to Migrate from FedRAMP Rev 4 to FedRAMP Rev 5 7 hours ago | securityboulevard.com
can development evolution fedramp +9
NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 10 hours ago | securityboulevard.com
advisory alto april cve +18
USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications 12 hours ago | securityboulevard.com
access android applications authors +20
N.A. Developers Optimistic About Generative AI and Code Security 12 hours ago | securityboulevard.com
ai security america can cloud security +34
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices 12 hours ago | securityboulevard.com
actor adaptive security arcanedoor asa +27
AI Adoption Prompts Security Advisory from NSA 13 hours ago | securityboulevard.com
adoption advisory ai ai adoption +26
AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections 13 hours ago | securityboulevard.com
ai cybersecurity ai data ai data poisoning ai security attacks +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Digital Trust Cyber Transformation Senior

@ KPMG India | Mumbai, Maharashtra, India
View on infosec-jobs.com

Security Consultant, Assessment Services - SOC 2 | Remote US

@ Coalfire | United States
View on infosec-jobs.com

Sr. Systems Security Engineer

@ Effectual | Washington, DC
View on infosec-jobs.com

Cyber Network Engineer

@ SonicWall | Woodbridge, Virginia, United States
View on infosec-jobs.com

Security Architect

@ Nokia | Belgium
View on infosec-jobs.com
View more jobs