CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.