Remote Code Execution Vulnerabilities in Active Directory Federation Services - MS09-070ID: oval:org.secpod.oval:def:2591 | Date: (C)2011-10-21 (M)2022-10-10 |
Class: PATCH | Family: windows |
The host is missing an important security update according to Microsoft security bulletin, MS09-070. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Directory Federation Services (ADFS), which fails to validate request headers when an authenticated user connects to an ADFS enabled Web server. Successful exploitation allows an attacker to execute arbitrary code or take complete control of an affected system.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |