Microsoft: ADFS Spoofing Vulnerability
A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. This security update corrects how ADFS handles multi-factor authentication requests.
Windows Server, version 2004 (Server Core installation),Windows Server, version 1903 (Server Core installation),Windows Server 2016,Windows 10,Windows Server, version 1909 (Server Core installation),Windows Server 2019