Microsoft Active Directory Federation Services Elevation of Privilege Vulnerability
Last Update Date:
10 Jun 2015 09:53
Release Date:
10 Jun 2015
3219
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
![TYPE: Windows OS](/f/bulletin_type/100000/37p37/operation-system-windowsos.png)
An elevation of privilege vulnerability exists in the way that URLs are sanitized in Active Directory Federation Services (AD FS). An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
Impact
- Elevation of Privilege
System / Technologies affected
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2012
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-062
Vulnerability Identifier
Source
Related Link
Share with