CVE Number: MS09-070
Vulnerability: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Product: Windows Server
Severity: Critical
Date: 08-12-2009

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server.
Detailed Information on the risk:

A spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign on.


Further information on this exploit is available at: MS09-070

Affected Software

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2