AD FS vulnerability could allow information disclosure
Report ID: MS201308008
Date Published: 14 August 2013
Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote
Affected Product/Component:
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Summary
A vulnerability in Active Directory Federation Services (AD FS) could allow unintentional disclosure of account information.
Detailed Description
Microsoft has released a security update to address a reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability exists when AD FS exposes account information through an open endpoint, and it could allow an attacker to reveal information related to the service account used by AD FS.
The vulnerability has been resolved through the latest update, which ensures that the endpoint does not disclose account information. Users are advised to install the update on their systems as a protective measure against potential exploit attempts.
CVE Reference
CVE-2013-3185
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-066
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




