Summary
This host is missing an important security update according to Microsoft Bulletin MS13-066.
Impact
Successful exploitation will allow remote attackers to obtain potentially sensitive information.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at the following link: http://technet.microsoft.com/en-us/security/bulletin/ms13-066
Insight
The flaw is due to an error within Active Directory Federation Services (ADFS).
Affected
Active Directory Federation Services 2.1
- Microsoft Windows Server 2012
Active Directory Federation Services 2.0
- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior
- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Active Directory Federation Services 1.0
- Microsoft Windows 2003 x32/x64 Service Pack 2 and prior
- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior
Detection
Get the vulnerable file version and check whether the appropriate patch has been applied.
Severity
Classification
- CVE: CVE-2013-3185
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Microsoft Outlook Information Disclosure Vulnerability (2894514)
- ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
- Microsoft .NET Framework Security Bypass Vulnerability (2984625)
- Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
- Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)