Vulnerability Protection

Vulnerability in Windows ADFS Could Allow Information Disclosure

Details

Report ID: MS20170314

Date Published: 15 March 2017

Date Revised:

Criticality: Important

Compromise Type: Information disclosure

Compromise From: Remote

Affected Product/Component:

Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2016

Summary

A vulnerability in Windows Active Directory Federation Services (ADFS) could be exploited to allow an attacker to view sensitive information on a target system.

Detailed Description

Microsoft has issued a security update to address an information disclosure vulnerability in Windows Active Directory Federation Services (ADFS). The vulnerability exists when ADFS honors XML External Entities, and it could be exploited to allow an attacker to view sensitive information on a targeted system.

CVE Reference

CVE-2017-0043

Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/library/security/MS17-019

Source

Microsoft Security Bulletin MS17-019