#VU5957 Information disclosure in Windows Server - CVE-2017-0043

Cybersecurity Help s.r.o.

Published: 2017-03-14

Vulnerability identifier: #VU5957

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-0043

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a flaw in Windows Active Directory Federation Services (ADFS) when handling XML External Entities. A remote authenticated attacker can send a specially crafted request to the ADFS service and gain access to important data.

Successful exploitation of this vulnerability results in information disclosure.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Windows Server: 2008 R2 - 2008, 2012 R2 - 2012, 2016 10.0.14393.10

External links
https://technet.microsoft.com/en-us/library/security/MS17-019

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Microsoft Active Directory Federation Services Information Disclosure Vulnerability

Information disclosure in Windows Active Directory Federation Services