KLA10986 Information disclosure vulnerability in Microsoft Active Directory Federation Services

2017-03-14T00:00:00
ID KLA10986
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

03/14/2017

Severity:

Warning

Description:

Microsoft Active Directory Federation Services (ADFS) improperly honors XML External Entities. By exploiting this vulnerability, malicious users can obtain sensitive information. The vulnerability can be exploited remotely via a specially crafted request.

Affected products:

Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

MS17-019
CVE-2017-0043

Impacts:

ACE

Related products:

Microsoft Windows Server 2012

CVE-IDS:

CVE-2017-0043 2.9 Warning

Microsoft official advisories:

KB list:

4012217
4012215
4012216
4013429
4012212
4012214
4012213
3217882
4010320