CERT-In Vulnerability Note
Microsoft Windows Active Directory Federation Services Remote Code Execution Vulnerabilities
Original Issue Date: December 09, 2009
Severity Rating: MEDIUM
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
A vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) which could allow a remote attacker to cause a Denial of Service (DoS) condition on an affected system.
1. Single Sign On Spoofing in ADFS Vulnerability
This vulnerability is caused by improper session management routines in ADFS: the authentication service fails to terminate a user's session after the user logs out. An attacker with local access to a system on which the user has previously logged in via ADFS could exploit this to resume the user's session to a web application. As a result, the attacker could take actions on the website with the privileges of that user.
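As an added illustration (not CERT-In's or Microsoft's code, and not ADFS internals), the following constructed Python session store contrasts a logout that only clears the browser cookie with one that invalidates the server-side session, which is the defect the note describes. It also generalises to SSO-wide logout, where every session the user holds across relying parties must be terminated. The `SessionStore` class, its method names and the sample user names are assumptions made for this example.

```python
import secrets
import time


class SessionStore:
    """Constructed in-memory session store for illustration (not ADFS code)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}   # session id -> {"user": str, "expires": float}
        self._by_user = {}    # user -> set of session ids (needed for SSO-wide logout)

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)   # unguessable id from the OS CSPRNG
        self._sessions[sid] = {"user": user, "expires": now + self.ttl}
        self._by_user.setdefault(user, set()).add(sid)
        return sid

    def resolve(self, sid, now=None):
        """Return the user bound to sid, or None if the session is gone or expired."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if rec["expires"] <= now:
            self._drop(sid)   # lazily purge expired sessions
            return None
        return rec["user"]

    def _drop(self, sid):
        rec = self._sessions.pop(sid, None)
        if rec is not None:
            self._by_user.get(rec["user"], set()).discard(sid)

    def logout_cookie_only(self, sid):
        # Defective pattern: the response tells the browser to discard its cookie,
        # but the server-side record is untouched and stays valid until its TTL,
        # so the session can still be resumed by whoever presents the id.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout(self, sid):
        # Corrected pattern: invalidate the server-side state first, then clear the cookie.
        self._drop(sid)
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_all(self, user):
        # SSO-wide logout: terminate every session this user holds, whichever
        # relying party created it. Returns the number of sessions terminated.
        sids = list(self._by_user.get(user, ()))
        for sid in sids:
            self._drop(sid)
        return len(sids)


def demonstrate():
    """Show the two logout behaviours side by side on a constructed session."""
    store = SessionStore(ttl_seconds=3600)
    sid = store.login("alice", now=0.0)

    store.logout_cookie_only(sid)
    resumed_after_bad_logout = store.resolve(sid, now=10.0)   # "alice": session survived logout

    store.logout(sid)
    resumed_after_good_logout = store.resolve(sid, now=20.0)  # None: session was terminated

    return resumed_after_bad_logout, resumed_after_good_logout


if __name__ == "__main__":
    print(demonstrate())   # ('alice', None)
```

The check a defender wants is the second `resolve` call: after a correct logout the server must refuse the old id regardless of what the client did with its cookie, and the same must hold for every session the identity provider issued to that user.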
2. Remote Code Execution in ADFS Vulnerability
This vulnerability is caused by improper processing of request headers within messages exchanged between a user and ADFS. An authenticated, remote attacker could exploit it by sending a malicious request to a system running the vulnerable service; processing that request could allow the attacker to execute arbitrary code on the system with the privileges of ADFS.
- Disable the IPsec service if not in use
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003