active directory federation services

  1. CVE-2026-56155: Fix AD FS DKM ACLs Before October Enforcement

    CVE-2026-56155 is an actively exploited elevation-of-privilege vulnerability in Active Directory Federation Services that can expose the private keys behind an organization’s federation tokens. Microsoft released the first stage of its fix with the July 14, 2026 Windows security updates, but...
  2. CISA KEV Adds SonicWall, AD FS and SharePoint Zero-Days

    CISA added four actively exploited vulnerabilities affecting SonicWall SMA1000 appliances, Microsoft Active Directory Federation Services, and Microsoft SharePoint Server to its Known Exploited Vulnerabilities Catalog on July 14, putting internet-facing access infrastructure and identity systems...
  3. July 2026 Patch Tuesday Fixes 2 Exploited Zero-Days

    Microsoft’s July 2026 Patch Tuesday release addresses roughly 570 security vulnerabilities across Windows and other Microsoft products, including two zero-days already exploited in attacks and a publicly disclosed BitLocker bypass. Windows 11 users should prioritize KB5101650 or KB5099414, while...
  4. CVE-2026-50695: Patch AD FS DoS Flaw in July 14 Updates

    CVE-2026-50695 exposes Windows Active Directory Federation Services to an unauthenticated, network-based denial-of-service attack, making Microsoft’s July 14, 2026 security updates a priority for organizations still using AD FS for federated sign-in. Microsoft rates the vulnerability Important...
  5. CVE-2026-54983 Fix: Patch AD FS DoS Flaw in July 14 Updates

    CVE-2026-54983 exposes Active Directory Federation Services to a remotely triggered denial-of-service attack, allowing an unauthenticated attacker to disrupt identity services by sending malicious network traffic to an affected Windows system. Microsoft released the fix on July 14, 2026, as part...