PT-2017-10432 · Microsoft · Adfs+4

Published: 2017-04-11 · Updated: 2019-10-03 · CVE-2017-0159

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Windows 10 version 1607
Windows Server 2012 R2
Windows 2016

Description

A security feature bypass issue exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. This allows attackers to affect the system.

Recommendations

For Windows 10 version 1607, update the ADFS configuration to correctly differentiate between Extranet and Intranet requests.
For Windows Server 2012 R2, apply the necessary security patches to address the ADFS security feature bypass.
For Windows 2016, reconfigure ADFS to properly handle requests from Extranet clients.

Fix


Related Identifiers

CVE-2017-0159

Affected Products

Adfs
Windows
Windows 10
Windows 2016
Windows Server 2012 R2