Microsoft’s “Immediate” Retirement of MDT
ID: 93709fef-d82a-5fcd-ac09-fc67d5728bbf
STIX ID: report--93709fef-d82a-5fcd-ac09-fc67d5728bbf
Feed Name: SpecterOps Blog
The report demonstrates how MDT/WDS deployments can be discovered without authentication via PXE/TFTP, then leveraged through an unauthenticated MDT monitoring API and an XXE flaw to coerce authentication and exfiltrate privileged MDT service account credentials. It includes PoC steps, tooling, a disclosure timeline (Microsoft retired MDT instead of issuing patches), and mitigation guidance such as disabling the monitoring service, tightening share permissions, applying least privilege, and planning migration to supported OSD solutions.
