<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.</p>
<p>To exploit this vulnerability, an attacker could send a specially crafted authentication request.</p>
<p>This security update corrects how ADFS handles multi-factor authentication requests.</p>
CPE | Name | Operator | Version |
---|---|---|---|
windows_10 | eq | 1607 | |
windows_10 | eq | 1607 | |
windows_10 | eq | 1809 | |
windows_10 | eq | 1903 | |
windows_10 | eq | 1909 | |
windows_10 | eq | 2004 | |
windows_server_2016 | eq | 1903 | |
windows_server_2016 | eq | 1909 | |
windows_server_2016 | eq | 2004 |