CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-062 | Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577) | Windows Server | Important | 10-06-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur.
Detailed Information on the risk:
To exploit this vulnerability, an attacker must have the ability to submit a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content.
Further information on this exploit is available at: MS15-062
Affected Software
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012