Latest security bulletin addresses vulnerability in AD FS

The April 2015 Security Bulletin, Microsoft released an update for Active Directory Federation Service 3.0 which comes with Windows Server 2012 R2.

According to the documentation, the vulnerability would allow an attacker to gain access to an application – such as Office 365. Apparently the flaw is in the logoff process. As I understand it from the limited information available, although the user appears to have logged off, the logoff actually failed allowing an attacker to re-use the existing token to access the application as the user.

Although the bulletin mentions that Microsoft has no knowledge of any cases where this vulnerability was exploited, I personally wouldn’t wait for it to happen to me… 🙂

More information can be found here: https://technet.microsoft.com/library/security/MS15-040

Latest security bulletin addresses vulnerability in AD FS

Like this:

About The Author

Michael Van Horenbeeck

Leave a ReplyCancel reply

Search

Follow Me

Youtube

Twitter

Instagram

Microsoft MVP

About me

Hello! I’m Michael

Recent Posts

Latest security bulletin addresses vulnerability in AD FS

Share this:

Like this:

About The Author

Michael Van Horenbeeck

Related Posts

This was the Microsoft Exchange Conference 2012

Hybrid Configration Wizard fails with error ‘Mail Flow Default Receive Connector cannot be found on server…’

Free/Busy in a hybrid environment fail and Test-Federationtrust returns error “Failed to validate delegation token”

Selective authentication for (sub-)domains in Office 365

Leave a ReplyCancel reply

Search

Follow Me

Youtube

Twitter

Instagram

Microsoft MVP

About me

Hello! I’m Michael

Recent Posts

Discover more from Microsoft 365 Security