CVE-2017-0043 — Sensitive Information Exposure in Corporation Active Directory Federation Services

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

6.0%

top 9.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Active Directory Federation Services Microsoft Windows 10 Microsoft Windows Server 2008 +9 more

Timeline

PublishedMar 17

Latest updateMay 17

Description

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages11 packages

▶CVEListV5microsoft_corporation/active_directory_federation_servicesActive Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9frw-chc7-2jhv: Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Se↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Active Directory Federation Services Information Disclosure↗2017-03-14

▶