[CVE-2022-37972] Microsoft Endpoint Configuration Manager Spoofing Vulnerability について


今回は、Microsoft Endpoint Configuration Manager (MECM, SCCM, Configuration Manager) の脆弱性について取り上げます。

2022/09/20 (米国時間、日本時間 2022/09/21) にリリースされたものになります。

CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability

これは、Microsoft Endpoint Configuration Manager 向けの脆弱性となり、KB15498768 を適用することで対処することが出来ます。


Disabling the Allow connection fallback to NTLM option in Client Push Installation Properties is not honored under either of the following conditions:

  • If there are Kerberos authentication failures the client push account will attempt an NTLM connection instead.
  • The site server computer account will attempt a connection using NTLM if Kerberos authentication fails for all defined client push installation accounts.

This update prevents any attempt at NTLM authentication for client push installation when the Allow connection fallback to NTLM option is disabled.

Installation of this update resolves the following security issue:

Beginning with Configuration Manager current branch, version 2207, the Allow connection fallback to NTLM option is disabled by default on new site installations.

It is recommended to disable this option in existing environments, where possible, to increase security.

Refer to the following documents for more detail on client and NTLM security:

Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. For more information, see Support for Configuration Manager current branch versions.

<KB15498768 の提供範囲>

Microsoft Endpoint Configuration Manager CB 2103 > 2207 までの環境に、KB15498768 が提供されます。CB 2103 未満の環境は、まずは、少なくとも CB 2103 環境にアップグレード後、KB15498768 を適用してください。


対象環境の Configuration Manager コンソールには、下記のように、B15498768 が表示されます。上記に記載されている不具合を修正するプログラムなので、早期にアップデートすることをお勧めいたします。