

Vulnerability protection

AD FS vulnerability could allow information disclosure


Report ID: MS201308008
Date Published: 14 August 2013

Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote


Affected Product/Component:

Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012




Summary

A vulnerability in the Active Directory Federation Services (AD FS) could allow unintentional disclosure of account information.



Detailed Description

Microsoft has released a security update to address a reported vulnerability in the Active Directory Federation Services (AD FS). The vulnerability exists when AD FS exposes account information through an open endpoint, and it could allow an attacker to reveal information related to the service account used by AD FS.

The vulnerability has been resolved through the latest update, which ensures that the endpoint does not disclose account information. Users are advised to install the update on their systems as a protective measure against potential exploit attempts.



CVE Reference

CVE-2013-3185



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-066


