CVE-2017-0159 — Corporation Windows vulnerability

3 documents3 sources

Severity

3.7LOWNVD

EPSS

5.2%

top 10.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Microsoft Windows Server 2012 +4 more

Timeline

PublishedApr 12

Latest updateMay 13

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages7 packages

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101607, 1703+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-wxj8-qq2p-xv7j: A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests comi↗2022-05-13

▶

📋Vendor Advisories

Microsoft

ADFS Security Feature Bypass Vulnerability↗2017-04-11

▶