Andrew Lee

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows Server 2012 R2 Windows 10 Servers **Description** A security feature bypass issue exists due to improper handling of multi-factor authentication requests by Active Directory Federation Services (AD FS). This allows a remote attacker to bypass authentication procedures by sending specially crafted authentication requests. **Recommendations** For Windows Server 2016, update the system to address the security feature bypass vulnerability. For Windows Server 2012 R2, update the system to address the security feature bypass vulnerability. For Windows 10 Servers, update the system to address the security feature bypass vulnerability.