CVE-2017-0159

EUVD-2017-0526
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2016
*
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1607 (x64)
KB4015217
1703 (x86)
KB4015583
Windows Server 2012 R2
Server Core
KB4015550
Standard
KB4015550
Windows Server 2016
Server Core
KB4015217
Standard
KB4015217
References
http://www.securityfocus.com/bid/97449
http://www.securitytracker.com/id/1038243
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159
http://www.securityfocus.com/bid/97449
http://www.securitytracker.com/id/1038243
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159