<html><body><p>Resolves a vulnerability in Active Directory Federation Services (AD FS) that could reveal information that relates to the service account that is used by AD FS.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS13-066. To view the complete security bulletin, go to the following Microsoft website: <ul><li>IT professionals:<br /><div><a href=βhttp://technet.microsoft.com/security/bulletin/ms13-066β target=β_selfβ>http://technet.microsoft.com/security/bulletin/MS13-066</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help for installing updates:Β <a href=βhttps://support.microsoft.com/ph/6527β target=β_selfβ>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=βhttp://technet.microsoft.com/security/bb980617.aspxβ target=β_selfβ>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware: <a href=βhttps://support.microsoft.com/contactus/cu_sc_virsec_masterβ target=β_selfβ>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=βhttps://support.microsoft.com/common/international.aspxβ target=β_selfβ>International Support</a><br /><br /></div><h2>More Information</h2><div><span>Notes for computers running Windows Server 2012</span><ul><li>Computers running Windows Server 2012 will be offered security updates <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a> and <a href=βhttps://support.microsoft.com/help/2843639β target=β_selfβ>2843639</a>. These packages are chain installed. </li><li>When the installation is complete, both updates <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a> and <a href=βhttps://support.microsoft.com/help/2843639β target=β_selfβ>2843639</a> are listed in the list of installed updates. </li><li>Windows Update will not re-offer these security updates the previous versions are already installed. </li></ul><span>Notes for computers running Windows Server 2008 R2 and Windows Server 2008</span><ul><li>Computers running Windows Server 2008 R2 and Windows Server 2008 will only be offered security update <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a>. This package includes the security updates that are included in <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a> and <a href=βhttps://support.microsoft.com/help/2843639β target=β_selfβ>2843639</a>. Windows Update will not re-offer these security updates the previous versions are already installed.</li><li>When the installation is complete, only update <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a> is listed in the list of installed updates. </li><li>A previous revision of this security update required that <a href=βhttps://support.microsoft.com/help/2790338β target=β_selfβ>http://support.microsoft.com/kb/2790338</a> be applied to avoid functionality issues with security update 2843639. This dependency is no longer required for computers running Windows Server 2008 R2 and Windows Server 2008. </li><li>Windows Update will re-offer security update <a href=βhttps://support.microsoft.com/help/2843638β target=β_selfβ>2843638</a> if the previous version of the security update is already installed. </li></ul><h3>Known issues and additional information about this security update</h3><ul><li>Microsoft is aware of problems with the security updates described in MS13-066 that affect Active Directory Federation Services (ADFS) 2.0. The problems could cause ADFS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed.<br /><br />On August 19th 2013, Microsoft rereleased security update 2843638 to address this issue. Customers who already installed the original updates will be reoffered security update 2843638 and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates.</li></ul> <br /><br />The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link. <ul><li><div><a href=βhttps://support.microsoft.com/en-us/help/2868846β>2868846 </a> MS13-066: Description of the security update for Active Directory Federation Services 1.x: August 13, 2013</div><span>Note</span> After you install this security update, you must edit the Clientlogon.aspx page to add the text βautocomplete=offβ for the <strong>Username</strong> and <strong>Password</strong> text boxes to manually complete the installation. <br /></li><li><div><a href=βhttps://support.microsoft.com/en-us/help/2843638β>2843638 </a> MS13-066: Description of the security update for Active Directory Federation Services 2.0: August 13, 2013</div><br /><br /><br />Known issues in security update 2843638:<br /><ul><li>Microsoft Knowledge Base article 2843638 describes several issues that are resolved by hotfix 2896713. For more information, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=βhttps://support.microsoft.com/en-us/help/2896713β>2896713 </a> Update is available to fix several issues after you install security update 2843638 on an AD FS server</div></li></ul></li><li><div><a href=βhttps://support.microsoft.com/en-us/help/2843639β>2843639 </a> MS13-066: Description of the security update for Active Directory Federation Services 2.0: August 13, 2013</div><br /><br /><br /><br />Known issues in security update 2843639:<br /><ul><li>Knowledge Base article 2843639 describes several issues that are resolved by hotfix 2896713. For more information, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=βhttps://support.microsoft.com/en-us/help/2896713β>2896713 </a> Update is available to fix several issues after you install security update 2843638 on an AD FS server</div></li></ul><span>Note</span> After you install this security update, you must edit the FormsSignIn.aspx page to add the text βautocomplete=offβ for the <strong>Username</strong> and <strong>Password</strong> text boxes to manually complete the installation. </li></ul></div><h2>FILE INFORMATION</h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Windows6.0-KB2843638-v2-x64.msu</td><td>D3A586BF02B5FC2808875EC68D4E14B860B117C4</td><td>02211F7C344B464C6C1C92A7006BD8DA5E5639C81958CF46F09A4ED525C8027A</td></tr><tr><td>Windows6.0-KB2843638-v2-x86.msu</td><td>C813825E20E6E886BABC437A3D0CE0A5CC2DD5BE</td><td>48AC254EB9FD5B429C9445736DD44497B4F5B601E9A69DA900DAE5D3573F06DC</td></tr><tr><td>Windows6.1-KB2843638-v2-x64.msu</td><td>C4655030D421C21E4494E563B716D1235954725C</td><td>3B24E04827818B86A2E5165EC590F1F46B662FD70D592A01588D8E3A8E5F4953</td></tr><tr><td>Windows8-RT-KB2843638-x64.msu</td><td>65FFB163EE037D36B886A30E760BF88D7B9B58C8</td><td>37C6D712022EF49FEC81157BB2872E90E70E8CEA013FE7998AE3059989A80A02</td></tr><tr><td>Windows8-RT-KB2843639-x64.msu</td><td>C152CAD72560AFB3E79F67A82F64C2506599C4C9</td><td>1BA79E41913894306F63D603BA4223DB6FA0A4F79B95EC86926F8A6C45B2420F</td></tr><tr><td>Windows6.0-KB2843639-x64.msu</td><td>2C86E545DA59C459A2A006CE241F7A38DEB46E5C</td><td>3C5223B6A189732B0EAA6685194810EC0F26A01EBEBE3139C6EA0B9C94011B90</td></tr><tr><td>Windows6.0-KB2843639-x86.msu</td><td>6444E853E92A154CFBC991FDC68EFC71C5D3E16E</td><td>45367251175F24370469362CF160A83D3460EB067A198C15051E06A4844567C8</td></tr><tr><td>Windows6.0-KB2868846-x64.msu</td><td>0649EE6753F107310177CD1B253C2D8FB1E6E0D4</td><td>84B7EF75273FC98E257D32E78BDE583C7D60AEE13CD9CB97B2F27DD13FBC38BA</td></tr><tr><td>Windows6.0-KB2868846-x86.msu</td><td>DEB32C23142910D606C3E34167A1E47BDD6382A4</td><td>D31B15CAF04FF51A3744E0D93FBB7D6DF389093B8BB080465045981F7FD8CBB7</td></tr><tr><td>Windows6.1-KB2843639-x64.msu</td><td>97599B5D021362506463273C4041226A090E5823</td><td>5D106038D1B5EB72632377D9E32E00E522F1147B319A1C2C6690ABDEC5FB9D18</td></tr><tr><td>Windows6.1-KB2868846-x64.msu</td><td>4B8ADAD816C60809F37B212B52090B08844B23E2</td><td>4B3F06D2FEB7FBFEE4911A536371853A76EC69A0B307E54D5730754E9966004F</td></tr><tr><td>WindowsServer2003-KB2868846-x86-CHS.exe</td><td>95EEF588979F2A135D74197CF6A83724084BB48E</td><td>1B1DDC13F85A0AF04D94D547D6E717ECBE8D24C3A7606270C900D4117EEDB262</td></tr><tr><td>WindowsServer2003-KB2868846-x86-CHT.exe</td><td>0BE9C094FD4D29F113071FCF5C5A5E8A67C3221C</td><td>A4419A1282711F99209D6DC2B7920C3908782E5F6943DD8026BC1EA8163C6F17</td></tr><tr><td>WindowsServer2003-KB2868846-x86-CSY.exe</td><td>E2DFC912637C97FC89AD84C578EA89F3C1D55AF2</td><td>F96071696229C90AC48C6A3A2CB402DC17F6826FF1C33AE217F3FA040B6DE83B</td></tr><tr><td>WindowsServer2003-KB2868846-x86-DEU.exe</td><td>A9B9B1157B04B5E9A627B7A98CFA8751F1F6E294</td><td>ECBF5B35762034F3801A8DC81CB5BB91E544EB3A0462412ABC0835A9FF3C0964</td></tr><tr><td>WindowsServer2003-KB2868846-x86-ENU.exe</td><td>D346335422493DD5FF731FDC6C84F94CDD5F1DBA</td><td>81A78348D3C4A82FCCABB6C43C645A0BD10676D86C2E76456B7CBACA422FDFCD</td></tr><tr><td>WindowsServer2003-KB2868846-x86-ESN.exe</td><td>9B974FB395BC4487C19CF6181C0B5D8004E8913B</td><td>18E401AF4171B25E3C3DC9C906E68232B28D7B01B351452B8852295146E0562D</td></tr><tr><td>WindowsServer2003-KB2868846-x86-FRA.exe</td><td>80435451766990544B54F2D2FF484F7782B027EE</td><td>30C4061FCE8A5DE97B17A0306F665354072CE9CB17CC7AC40265AF3A1D6BACF2</td></tr><tr><td>WindowsServer2003-KB2868846-x86-HUN.exe</td><td>B91BCB4F63FBCDB45B284A0A3563CFF19C72DAA7</td><td>CE51D5530650F2171F38BABD7FA992E6110C0C5C296022BFC229A669013692D0</td></tr><tr><td>WindowsServer2003-KB2868846-x86-ITA.exe</td><td>F7187B9B16F52BD40F837F798F576E631A8C22AD</td><td>83EAD59D8AFF57F27695551665043298C3A9DA66F77423AF64D63A2A1A135E96</td></tr><tr><td>WindowsServer2003-KB2868846-x86-JPN.exe</td><td>5B609F02F40DE558786D3607DA19922ABBF76685</td><td>6170609F9808DBDD50F9BD59AE0F3695D76C31196E293CE26FAAD65C001A1E88</td></tr><tr><td>WindowsServer2003-KB2868846-x86-KOR.exe</td><td>7706F55A53F40BFE3900CF3F501DB8AFE018A012</td><td>987491A123F6544ABD1EAF26D856523F698249339574ACABFD08F59BBE8B6FD5</td></tr><tr><td>WindowsServer2003-KB2868846-x86-NLD.exe</td><td>6EADB2A052183EB73E64C25B29F04BB673174355</td><td>852880C1DB58C3750FA059AE836991F6D7F64F1C708E1A56B09CD1594BF12B2E</td></tr><tr><td>WindowsServer2003-KB2868846-x86-PLK.exe</td><td>037D82DC4F9717D544AA855F6AD29E8D5ABF3568</td><td>639160A6E0FC0DC44BAB55AF14A649C3D3D29BAEB4FCE8441E9A747B878D94C6</td></tr><tr><td>WindowsServer2003-KB2868846-x86-PTB.exe</td><td>3E01A0090C714AFA353BFE86F208B519A5C5E4D9</td><td>34F207BF3A535E83599B3FDA620B23B90C71678211CB98AC26B36A2197F6473F</td></tr><tr><td>WindowsServer2003-KB2868846-x86-PTG.exe</td><td>B357EFCB2032924093B943CF6C4FB23F83AF98D4</td><td>2D3F9E8BF1EF4863277419A9E499DFDE857F6E4B5B315A224DA13343EE1CCFB1</td></tr><tr><td>WindowsServer2003-KB2868846-x86-RUS.exe</td><td>B31FC8EBC674F266212140AC79C2785B7770517B</td><td>F5D2102E95431A25D3ADF8552B7A4DFF864335D4FEA49EBADC440C02FF412D77</td></tr><tr><td>WindowsServer2003-KB2868846-x86-SVE.exe</td><td>47A7E1601E9ACE9605314510974C990425027438</td><td>3453855F909B8DDFF70B8D706575B5D4E9A732628E0F4E5E8ADFB3DFD9B8534A</td></tr><tr><td>WindowsServer2003-KB2868846-x86-TRK.exe</td><td>03617877880564F726D7830895CFAA0AE5970D34</td><td>E93F0BD730376BB0D0B230C79D303A4BE3ED74D98F1A461A64238C7BD11917F6</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-CHS.exe</td><td>07CF3A347257350C86B20C2A21F90CB157698399</td><td>31D48EE607F73D7DDE16689644F4E6A8F0BD8BEAF81B775F2158FEAD273F57A2</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-CHT.exe</td><td>B2AEB2761358B5281FB640A0A3D358093F96F730</td><td>89B85DE692222A7C8915773BC32247841CA4B2EC36113029EAA029963F207E60</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-DEU.exe</td><td>C15EC484FF4935C067B7EBC6241B2CD329D50D62</td><td>808A43B690C511570D4BC1EC94CDEC6C1F30A1C6B8644037E1A7F67B63260711</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-ENU.exe</td><td>8DE25AA79AEA3D5B34F5BD74CF5605AD501EED4D</td><td>3482FE13CFB748821C54BD77B4799BA9F84F1B959E0E7EA7571FDC083CF3EC9B</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-ESN.exe</td><td>809CD91ABDADA30553EAAFB563E3B42EBCFB318B</td><td>52B249F0F67C580A4706D6318E52DFADA1C59B8EE17A8BD39CFD044E41135C56</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-FRA.exe</td><td>F05322670D9027BE40DEC980A01F5505C1F8B1D0</td><td>47088F0AAF9D4C123C6B66C7F67439E39B1B01D13319346231C53B321FCBB410</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-ITA.exe</td><td>5B4741C99CC685720AED070DBAD7E6AD2883A279</td><td>F137D2203AFDDB7434CF506961A9C3D0AA4E45E20F9DF0600EE76ABD979A145A</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-JPN.exe</td><td>94F6FA934103C5EC0D3BE0339C8D8CD3B7BB1A35</td><td>620BA8FE023816744902FEC6BE90340D7314473555351B9BCB7BF299AF72CAA1</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-KOR.exe</td><td>861A14C9F2409725565D56D13B2221E7B89C47D9</td><td>97AFA138A6E7A9882E8490EEDDA77C270A331F2B6DC24FF3DFD3CC97F773744C</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-PTB.exe</td><td>5827ADDBFAB253A1BC25E6F2FAC437C29EB753B3</td><td>EDAE47112C668FC2AB8726C8077F559A1701E7509F873A6FDE0815B762B45D39</td></tr><tr><td>WindowsServer2003.WindowsXP-KB2868846-x64-RUS.exe</td><td>763F64994DC3AB69453806C63D18D229B1163097</td><td>3C4D2DCEB674C698583E19324488F0401089516A54E9810BABEA7D6DD5EA7490</td></tr></table></div></div><br /></span></div></div></div></div></body></html>