MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
High Nessus Plugin ID 43062
SynopsisArbitrary code can be executed on the remote host through Microsoft Active Directory Federation Services.
DescriptionThe version of Microsoft Active Directory Federation Services (ADFS) installed on the remote host is affected by the following vulnerabilities :
- Insufficient session management validation in the single sign-on functionality of ADFS could allow a remote, authenticated user to spoof the identity of another user. (CVE-2009-2508)
- Incorrect validation of request headers when a remote, authenticated user connects to an ADFS-enabled web server could be leveraged to perform actions on the affected IIS server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges.
SolutionMicrosoft has released a set of patches for Windows 2003 and 2008.