CVE-2009-2509

Name of the Vulnerable Software and Affected Versions Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 Active Directory Federation Services (ADFS) in Microsoft Windows Server 2008 Gold and SP2

Description The issue is related to the improper validation of headers in HTTP requests by Active Directory Federation Services (ADFS) in Microsoft Windows Server, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that properly validates HTTP request headers. For Microsoft Windows Server 2008 Gold and SP2, update to a version that properly validates HTTP request headers. As a temporary workaround, consider restricting access to the IIS web server to minimize the risk of exploitation.