QID 377912

Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on the network or are internet-based. Users can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services.

Microsoft released a security advisory for Microsoft Endpoint Configuration Manager to resolve Spoofing Vulnerability.

Affected Products:
Microsoft Endpoint Configuration Manager versions 2103, 2107, 2111, 2203 and 2207.
QID Detection Logic:
This QID checks for the vulnerable version of ccm.dll file by fetching the Installation Directory of Microsoft Endpoint Configuration Manager from the registry keys "HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Setup" and "HKLM\SOFTWARE\Microsoft\SMS\Setup"

Vulnerable versions of Microsoft Endpoint Configuration Manager are prone to Spoofing Vulnerability.