PT-2017-10432 · Microsoft · Adfs+4

Published: 2017-04-11 · Updated: 2019-10-03 · CVE-2017-0159

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Windows 10 version 1607; Windows Server 2012 R2; Windows 2016

Description: A security feature bypass issue exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. This allows attackers to affect the system.

Recommendations: For Windows 10 version 1607, update the ADFS configuration to correctly differentiate between Extranet and Intranet requests. For Windows Server 2012 R2, apply the necessary security patches to address the ADFS security feature bypass. For Windows 2016, reconfigure ADFS to properly handle requests from Extranet clients.

Fix

Related identifiers

CVE-2017-0159

Affected products

Adfs
Windows
Windows 10
Windows 2016
Windows Server 2012 R2