EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Older microsoft ConfigMgr bug now exploited as metasploit adds SolarWinds module

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-13 07:23 UTCUpdated 2026-02-13 20:01 UTC
rss
exploitation_in_the_wildpatchingsql_injectionmetasploitexploit_modulecve
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
Metasploit Wrap-Up 02/13/2026
Rapid7 Blog · News · rapid7.com · 2026-02-13 20:01 UTC
limited source diversity in top sources
View all evidence
Overview

Reporting indicates attackers are now actively exploiting a SQL injection flaw in Microsoft Configuration Manager that was patched in October 2024, putting unpatched organizations at risk.

Entities
MicrosoftRapid7SolarWindsMetasploitMicrosoft Configuration ManagerSolarWinds Web Help Desk
Score total
0.96
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
  • A 2024-patched Microsoft flaw is reported as now actively exploited
  • Metasploit’s latest wrap-up documents new exploit module availability
  • Both signals land in the same news cycle, reinforcing patch-and-verify priorities
Why it matters
  • Active exploitation of an older, patched flaw increases urgency for lagging patch programs
  • New Metasploit modules can speed validation and detection—but also enable faster attacker adoption
  • SYSTEM-level outcomes raise potential impact if affected SolarWinds instances are exposed
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • A Microsoft Configuration Manager SQL injection flaw patched in October 2024 is now being actively exploited, increasing risk for unpatched organizations.
  • Metasploit added an exploit module for SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551, with successful exploitation yielding an NT AUTHORITY\\SYSTEM session.
How sources frame it
  • The Register Security: neutral
  • Rapid7 Blog: neutral
All evidence
All evidence
Metasploit Wrap-Up 02/13/2026
Rapid7 Blog · rapid7.com · 2026-02-13 20:01 UTC
Attackers finally get around to exploiting critical Microsoft bug from 2024
The Register Security · go.theregister.com · 2026-02-13 18:45 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • Rapid7 Blog (1)
  • The Register Security (1)
Top origin domains (this list)
  • rapid7.com (1)
  • go.theregister.com (1)