Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2015-05-05) Make Sure To Patch Your ADFS Infrastructure, If You Have Not Done It Already

Posted by Jorge on 2015-05-05


Last month Microsoft disclosed a serious vulnerability (MS15-034) in the HTTP protocol stack (HTTP.sys) that allows remote code execution. It is triggered when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. Microsoft also released a security update to patch Windows systems.

Now you may think that you only need to patch Windows systems with IIS installed. That is not accurate. You also need to patch any system, even if IIS is not installed, that is built on top of HTTP.SYS. An example is ADFS v3.0 and higher.

This means that any system protected through ADFS is vulnerable if the ADFS infrastructure is compromised! If ADFS is compromised, then whoever controls it can generate any security token with any claims in it, and thereby gain access to claims-aware applications.

Therefore, make sure to patch every Windows system that runs IIS or that is otherwise built on top of HTTP.SYS!
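To find the hosts that matter, the check below (an added example, not code from the original post) reports, for a local Windows server, whether IIS is installed, whether the HTTP.sys driver is running anyway, which URL prefixes are reserved with it (ADFS registers its /adfs/ prefixes here without IIS), and whether the MS15-034 update is present. It assumes it runs as an administrator and that you pass the KB id of the MS15-034 update for your OS from the bulletin; the value shown in the call is a placeholder.

```powershell
# Added example: audit one Windows host for HTTP.sys exposure relevant to MS15-034,
# whether or not IIS is installed. Assumes an elevated PowerShell session.
function Test-HttpSysExposure {
    param(
        # KB id of the MS15-034 update for this OS, taken from the bulletin (placeholder below)
        [Parameter(Mandatory)][string]$HotFixId
    )
    $result = [ordered]@{}

    # 1. Is IIS (W3SVC) present? Its absence does NOT mean HTTP.sys is idle.
    $result.IISInstalled = [bool](Get-Service -Name W3SVC -ErrorAction SilentlyContinue)

    # 2. Is the ADFS service present? ADFS 3.0+ hosts its endpoints directly on HTTP.sys.
    $result.AdfsInstalled = [bool](Get-Service -Name adfssrv -ErrorAction SilentlyContinue)

    # 3. Is the HTTP.sys kernel driver running? Get-Service does not list drivers,
    #    so query Win32_SystemDriver instead.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='HTTP'" `
               -ErrorAction SilentlyContinue
    $result.HttpSysRunning = [bool]($drv -and $drv.State -eq 'Running')

    # 4. Which URL prefixes are reserved with HTTP.sys? netsh lists every reservation,
    #    so the /adfs/ and /FederationMetadata/ prefixes show up even without IIS.
    $urlacl = netsh http show urlacl | Select-String -Pattern 'Reserved URL\s*:\s*(\S+)'
    $result.ReservedUrls = @($urlacl | ForEach-Object { $_.Matches[0].Groups[1].Value })
    $result.AdfsListener = [bool]($result.ReservedUrls | Where-Object { $_ -match '/adfs/' })

    # 5. Is the MS15-034 update installed? A missing hotfix is a non-terminating error.
    $result.PatchInstalled = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)

    # Verdict: anything serving through HTTP.sys without the patch is exposed.
    $result.Exposed = $result.HttpSysRunning -and -not $result.PatchInstalled
    [pscustomobject]$result
}

# Placeholder: replace with the KB id of the MS15-034 update for this Windows version.
Test-HttpSysExposure -HotFixId 'KB<MS15-034 id for this OS>' | Format-List
```

Run it on every ADFS server, Web Application Proxy and other non-IIS host that reserves URLs; a host with HttpSysRunning set and PatchInstalled unset is still exposed regardless of what IISInstalled says.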

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge ###############
http://JorgeQuestForKnowledge.wordpress.com/
———————————————————————————————
