CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS09-070 | Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) | Windows Server | Critical | 08-12-2009 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server.
Detailed Information on the risk:
A spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign on.
Further information on these vulnerabilities is available in Microsoft Security Bulletin MS09-070.
Affected Software
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2