Release Date | Dec 08, 2009 |
Severity | critical |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attack attempt to exploit a remote code execution vulnerability in Microsoft Windows Active Directory Federation Services (ADFS). The vulnerability is caused by an error when handling a malformed request header passed to an ADFS-enabled Web server. It can be exploited via a crafted HTTP request, leading to remote code execution. |
Affected Products | Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 |
Recommended Actions | Apply patch, available from the web site: http://www.microsoft.com/technet/security/Bulletin/ms09-070.mspx |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2009-2509 |
Reference/s | http://technet.microsoft.com/en-us/security/bulletin/ms09-070.mspx (MS-ID); http://www.securityfocus.com/bid/37214 (BugTraq) |