KEV · Actively exploited

CVE-2024-43468

CRITICAL 9.8 KEV Published on 2024-10-08

Microsoft Configuration Manager Remote Code Execution Vulnerability

EPSS 83.11% exploit likely percentile 99.3%

CISA Known Exploited Vulnerability

Added to KEV: 2026-02-12
Remediation deadline: 2026-03-05
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware: No