MS13-066 - Important : Vulnerability in Active Directory Federation Services Could Allow...

Discussion in 'Security Alerts' started by News, Aug 15, 2013.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating: Important
    Revision Note: V2.1 (August 14, 2013): Revised bulletin to restore the download links for the AD FS 1.x and AD FS 2.1 updates and to clarify that the issues communicated in the V2.0 bulletin rerelease apply only to AD FS 2.0.
    Summary: This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt logons from outside the corporate network, which would result in account lockout of the service account used by AD FS if an account lockout policy has been configured. This would result in denial of service for all applications relying on the AD FS instance.

    Continue reading...

Share This Page