Researchers expose Microsoft SCCM misconfigs usable in cyberattacks
2024-03-11 19:15

Security researchers have created a knowledge base repository of attack and defense techniques based on improperly configured deployments of Microsoft's Configuration Manager (MCM, formerly SCCM), which could allow an attacker to execute payloads or become a domain controller.

At the SO-CON security conference today, SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager, a repository with attacks based on faulty MCM configurations that also provides resources for defenders to harden their security stance.

The two researchers say that MCM/SCCM is not easy to set up and that many of the default configurations leave room for attackers to take advantage.

In a blog post, Michael explains that the most common and damaging misconfiguration the researchers see in their engagements is network access accounts with too many privileges.

The Misconfiguration Manager repository created by Chris Thompson, Garrett Foster, and Duane Michael aims to help administrators better understand Microsoft's tool and "Simplify SCCM attack path management for defenders while educating offensive professionals on this nebulous attack surface."

For each attack method presented, the researchers also provide information on how to protect the environment against it.


News URL

https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 689 782 4488 4381 3613 13264