AD FS vulnerability could allow information disclosure
Report ID: MS201308008
Date Published: 14 August 2013
Compromise Type: information-disclosure
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
A vulnerability in the Active Directory Federation Services (AD FS) could allow unintentional disclosure of account information.
Microsoft has released a security update to address a reported vulnerability in the Active Directory Federation Services (AD FS). The vulnerability exists when AD FS exposes account information through an open endpoint, and it could allow an attacker to reveal information related to the service account used by AD FS.
The vulnerability has been resolved through the latest update which ensure that the endpoint does not disclose account information. Users are recommended to install the update onto their system as a protection measure against potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-066)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.