Security feature bypass

2017-04-1214:59:00

PRIOn knowledge base

www.prio-n.com

4.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka “ADFS Security Feature Bypass Vulnerability.”

CPENameOperatorVersion
windows_10eq1607
windows_10eq1703
windows_server_2012eq2.0.114

Name	Operator	Version
windows_10	eq	1607
windows_10	eq	1703
windows_server_2012	eq	2.0.114

References

www.securityfocus.com/bid/97449

www.securitytracker.com/id/1038243

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159