MS15-062: Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
Medium Nessus Plugin ID 84060
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.

Description
The remote Windows host is affected by an XSS elevation of privilege vulnerability in Active Directory Federation Services (AD FS) due to improper sanitization of user-supplied input. A remote attacker can exploit this by submitting a specially crafted URL to a target site, resulting in the execution of malicious script code in the security context of the user or the ability to conduct further cross-site scripting attacks.

Solution
Microsoft has released a set of patches for Windows Server 2008, 2008 R2, and 2012.