Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066ID: oval:org.secpod.oval:def:15066 | Date: (C)2013-09-03 (M)2023-11-23 |
Class: PATCH | Family: windows |
The host is missing an important security update according to Microsoft security bulletin, MS13-066. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which is caused when an Active Directory Federation Services instance exposes account information through an open endpoint. Successful exploitation allows attackers to reveal information pertaining to the service account used by AD FS.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |