Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Configuration Manager (current branch, versions 2403, 2409, and 2503)
Summary of KB34503790
A revised update is available to resolve the vulnerability described in CVE-2025-47178. The revision also improves the security of discovery data records (DDR) processing. CVE-2025-47178 was originally resolved in the globally available release of Configuration Manager version 2503, and in KB 33926600 for versions 2403 and 2409. The following vulnerabilities are also resolved with this update:
KB 34503790 supersedes prior releases of the fix. Configuration Manager versions 2403 and 2409 display this update under KB 34503768.
Update information for Microsoft Configuration Manager current branch, versions 2403, 2409, 2503
This update is available in the Updates and Servicing node of the Configuration Manager console for environments with the following update applied.
- 2403: KB28204160: Update rollup for Microsoft Configuration Manager version 2403
- 2409: KB30385346: Update rollup for Microsoft Configuration Manager version 2409
- 2503: KB32480179: Update for Microsoft Configuration Manager version 2503, early update ring
Restart information
This update doesn't require a computer restart, but does require a site reset after installation.
Additional installation information
After you install this update on a primary site, preexisting secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. This reinstallation doesn't affect configurations and settings for the secondary site. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, all the fixes that are applied to the primary site aren't installed for the secondary site. You should use the Recover Secondary Site option to update the secondary site.
Version information
The SMS Provider (smsprov.dll) is updated to the following versions.
- 2403: 5.00.9128.1035
- 2409: 5.00.9132.1029
- 2503: 5.00.9135.1008
File information
File information is available in the following downloadable files.
- 2403: KB34503768_2403_FileList
- 2409: KB34503768_2409_FileList
- 2503: KB34503790_2503_FileList
Release history
- September 8, 2025: Initial hotfix release