
Microsoft Active Directory Federation Services Information Disclosure Vulnerability

 

Systems Affected


Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012 R2
Windows Server 2012

Threat Level


High


Overview


A vulnerability has been reported in the Active Directory Federation Services (AD FS) component used by Microsoft Windows servers, which could allow a remote attacker to access user information.


Description


An information disclosure vulnerability exists because Active Directory Federation Services (AD FS) fails to properly log off a user. A remote attacker could exploit this vulnerability by reopening an application from which a user has recently logged off.

Successful exploitation could allow a remote attacker to access sensitive information, which could aid further attacks.


Impact



Solution/Workarounds


Apply the appropriate updates as mentioned in Microsoft Security Bulletin MS14-077.


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.