KLA10986
Information disclosure vulnerability in Microsoft Active Directory Federation Services
Updated: 05/22/2020
Detect date
?
03/14/2017
Severity
?
Warning
Description

An improper honoring of XML External Entities was found in Microsoft Active Directory Federation Services (ADFS). By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request.

Affected products

Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS17-019
CVE-2017-0043

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Related products
Microsoft Windows Server 2012
Microsoft Windows Server 2008
CVE-IDS
?
CVE-2017-00432.9Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

4012217
4012215
4012216
4013429
4012212
4012214
4012213
3217882
4010320