all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SCCM Site Takeover via Automatic Client Push Installation

Add to bookmarks
Jan. 12, 2023, 1:45 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation.

While reading SCCM Current Branch Unleashed and stepping through the site installation process, I found something interesting — the primary site server’s domain computer account is required to be a member of the local Administrators group on the site database server.

During site installation, this account is also added to the sysadmins group in the site database.

This means that if:


  1. automatic site assignment and automatic site-wide client push …

account administrators automatic client computer current database domain install installation local ntlm process sccm server takeover

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

These SMBs are hot threat targets but they're shrugging off security help an hour ago | malware.news
article companies cybersecurity demand +11
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices an hour ago | malware.news
actor adaptive security arcanedoor asa +25
NSA Highlights AI System Security Guidelines an hour ago | malware.news
advisory base can companies +23
The private sector probably isn’t coming to save the NVD 2 hours ago | malware.news
analysis backlog coming cves +16
SBOM and the Bill that is Coming 3 hours ago | malware.news
big bill bills coming +9
Micropatches Released for Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628) 3 hours ago | malware.news
access akamai application attacker +25
Beware of Fake PoC Repositories & Malicious Code on GitHub 4 hours ago | malware.news
amp article code concept +14
Action needed amid escalating ransomware attacks, record-high payments 4 hours ago | malware.news
action attack attacks called +14
Ransomware triggers cyberinsurance claims increase 4 hours ago | malware.news
article attack claims cyberinsurance +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Physical Security Operations Center - Supervisor

@ Equifax | USA-GA-Alpharetta-JVW3
View on infosec-jobs.com

Network Cybersecurity Engineer - Overland Park, KS Hybrid

@ Black & Veatch | Overland Park, KS, US
View on infosec-jobs.com

Cloud Security Engineer

@ Point72 | United States
View on infosec-jobs.com

Technical Program Manager, Security and Compliance, Cloud Compute

@ Google | New York City, USA; Kirkland, WA, USA
View on infosec-jobs.com

EWT Security | Vulnerability Management Analyst - AM

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com
View more jobs