CVE-2017-0043

Name of the Vulnerable Software and Affected Versions Microsoft Windows 10 version 1607 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

Description The issue is related to a lack of protection for service data in Active Directory Federation Services. It allows an attacker to obtain sensitive information using a specially crafted application. Local users can exploit this to gain confidential information.

Recommendations For Microsoft Windows 10 version 1607, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 SP2, apply the necessary patch to resolve the issue. For Microsoft Windows Server 2008 R2 SP1, apply the necessary patch to resolve the issue. For Microsoft Windows Server 2012, apply the necessary patch to resolve the issue. For Microsoft Windows Server 2012 R2, apply the necessary patch to resolve the issue. For Microsoft Windows Server 2016, apply the necessary patch to resolve the issue.