Microsoft Windows Active Directory Federation Services (ADFS) Multiple Vulnerabilities (09 December 2009)
RISK: Medium Risk
1. Single Sign On Spoofing in ADFS Vulnerability
A spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign on.
2. Remote Code Execution in ADFS Vulnerability
A remote code execution vulnerability exists in implementations of Active Directory Federation Services (ADFS). The vulnerability is due to incorrect validation of request headers when an authenticated user connects to an ADFS-enabled Web server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Impact
- Remote Code Execution
System / Technologies affected
- Windows Server 2003
- Windows Server 2008
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Download locations for this patch
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Vulnerability Identifier
Source
Related Link