|MS09-070||Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)||Windows Server||Critical||08-12-2009|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server.
Detailed Information on the risk:
A spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign on.
Further information on this exploit is available at : MS09-070
Affected SoftwareWindows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2