ADFS Security Feature Bypass Vulnerability

2019-07-09T07:00:00
ID MS:CVE-2019-0975
Type mscve
Reporter Microsoft
Modified 2019-07-09T07:00:00

Description

A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses.

To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses.

This security update corrects how ADFS updates its list of banned IP addresses.